rename secondary to remote :), complete the previous commit changes

2026-04-25 16:55:19 +02:00 · 2024-05-29 16:47:37 +02:00
parent 52a809145e
commit b9edcb7943
21 changed files with 60 additions and 45 deletions
--- a/python/ql/test/experimental/query-tests/Security/CWE-074-SecondaryServerCmdInjection/AsyncSsh.py
+++ b/python/ql/test/experimental/query-tests/Security/CWE-074-SecondaryServerCmdInjection/AsyncSsh.py
@@ -14,6 +14,6 @@ session.userauth_password("user", "password")
@app.get("/bad1")
 async def bad1(cmd: str):
    async with asyncssh.connect('localhost') as conn:
-        result = await conn.run(cmd, check=True) # $ result=BAD getSecondaryCommand=cmd
+        result = await conn.run(cmd, check=True) # $ result=BAD getRemoteCommand=cmd
        print(result.stdout, end='')
    return {"success": "Dangerous"}
--- a/python/ql/test/experimental/query-tests/Security/CWE-074-SecondaryServerCmdInjection/ConceptsTest.expected
+++ b/python/ql/test/experimental/query-tests/Security/CWE-074-SecondaryServerCmdInjection/ConceptsTest.expected
--- a/python/ql/test/experimental/query-tests/Security/CWE-074-SecondaryServerCmdInjection/ConceptsTest.ql
+++ b/python/ql/test/experimental/query-tests/Security/CWE-074-SecondaryServerCmdInjection/ConceptsTest.ql
@@ -6,16 +6,16 @@ private import semmle.python.dataflow.new.internal.PrintNode
 import experimental.semmle.python.Concepts

 module SystemCommandExecutionTest implements TestSig {
-  string getARelevantTag() { result = "getSecondaryCommand" }
+  string getARelevantTag() { result = "getRemoteCommand" }

  predicate hasActualResult(Location location, string element, string tag, string value) {
    exists(location.getFile().getRelativePath()) and
-    exists(SecondaryCommandInjection sci, DataFlow::Node command |
-      command = sci and
+    exists(RemoteCommandExecution sci, DataFlow::Node command |
+      command = sci.getCommand() and
      location = command.getLocation() and
      element = command.toString() and
      value = prettyNodeForInlineTest(command) and
-      tag = "getSecondaryCommand"
+      tag = "getRemoteCommand"
    )
  }
 }
--- a/python/ql/test/experimental/query-tests/Security/CWE-074-SecondaryServerCmdInjection/DataflowQueryTest.expected
+++ b/python/ql/test/experimental/query-tests/Security/CWE-074-SecondaryServerCmdInjection/DataflowQueryTest.expected
--- a/python/ql/test/experimental/query-tests/Security/CWE-074-RemoteCommandExecution/DataflowQueryTest.ql
+++ b/python/ql/test/experimental/query-tests/Security/CWE-074-RemoteCommandExecution/DataflowQueryTest.ql
@@ -0,0 +1,4 @@
+import python
+import TestUtilities.dataflow.DataflowQueryTest
+import experimental.semmle.python.security.RemoteCommandExecution
+import FromTaintTrackingConfig<RemoteCommandExecutionConfig>
--- a/python/ql/test/experimental/query-tests/Security/CWE-074-SecondaryServerCmdInjection/Netmiko.py
+++ b/python/ql/test/experimental/query-tests/Security/CWE-074-SecondaryServerCmdInjection/Netmiko.py
@@ -17,9 +17,9 @@ cisco_881 = {
@app.get("/bad1")
 async def bad1(cmd: str):
    net_connect = ConnectHandler(**cisco_881)
-    net_connect.send_command(command_string=cmd) # $ result=BAD getSecondaryCommand=cmd
-    net_connect.send_command_expect(command_string=cmd) # $ result=BAD getSecondaryCommand=cmd
-    net_connect.send_command_timing(command_string=cmd) # $ result=BAD getSecondaryCommand=cmd
-    net_connect.send_multiline(commands=[[cmd, "expect"]]) # $ result=BAD getSecondaryCommand=List
-    net_connect.send_multiline_timing(commands=cmd) # $ result=BAD getSecondaryCommand=cmd
+    net_connect.send_command(command_string=cmd) # $ result=BAD getRemoteCommand=cmd
+    net_connect.send_command_expect(command_string=cmd) # $ result=BAD getRemoteCommand=cmd
+    net_connect.send_command_timing(command_string=cmd) # $ result=BAD getRemoteCommand=cmd
+    net_connect.send_multiline(commands=[[cmd, "expect"]]) # $ result=BAD getRemoteCommand=List
+    net_connect.send_multiline_timing(commands=cmd) # $ result=BAD getRemoteCommand=cmd
    return {"success": "Dangerous"}
--- a/python/ql/test/experimental/query-tests/Security/CWE-074-SecondaryServerCmdInjection/Pexpect.py
+++ b/python/ql/test/experimental/query-tests/Security/CWE-074-SecondaryServerCmdInjection/Pexpect.py
@@ -13,9 +13,9 @@ app = FastAPI()

@app.get("/bad1")
 async def bad1(cmd: str):
-    ssh.send(cmd)  # $ result=BAD getSecondaryCommand=cmd
+    ssh.send(cmd)  # $ result=BAD getRemoteCommand=cmd
    ssh.prompt()
-    ssh.sendline(cmd)  # $ result=BAD getSecondaryCommand=cmd
+    ssh.sendline(cmd)  # $ result=BAD getRemoteCommand=cmd
    ssh.prompt()
    ssh.logout()
    return {"success": stdout}
--- a/python/ql/test/experimental/query-tests/Security/CWE-074-SecondaryServerCmdInjection/SecondaryServerCmdInjection.expected
+++ b/python/ql/test/experimental/query-tests/Security/CWE-074-SecondaryServerCmdInjection/SecondaryServerCmdInjection.expected
--- a/python/ql/test/experimental/query-tests/Security/CWE-074-RemoteCommandExecution/RemoteCommandExecution.qlref
+++ b/python/ql/test/experimental/query-tests/Security/CWE-074-RemoteCommandExecution/RemoteCommandExecution.qlref
@@ -0,0 +1 @@
+experimental/Security/CWE-074/remoteCommandExecution/RemoteCommandExecution.ql
--- a/python/ql/test/experimental/query-tests/Security/CWE-074-SecondaryServerCmdInjection/Scrapli.py
+++ b/python/ql/test/experimental/query-tests/Security/CWE-074-SecondaryServerCmdInjection/Scrapli.py
@@ -21,19 +21,19 @@ async def bad1(cmd: str):
    }
    driver = AsyncIOSXEDriver
    async with driver(**dev_connect) as conn:
-        output = await conn.send_command(cmd) # $ result=BAD getSecondaryCommand=cmd
+        output = await conn.send_command(cmd) # $ result=BAD getRemoteCommand=cmd
    driver = AsyncIOSXRDriver
    async with driver(**dev_connect) as conn:
-        output = await conn.send_command(cmd) # $ result=BAD getSecondaryCommand=cmd
+        output = await conn.send_command(cmd) # $ result=BAD getRemoteCommand=cmd
    driver = AsyncNXOSDriver
    async with driver(**dev_connect) as conn:
-        output = await conn.send_command(cmd) # $ result=BAD getSecondaryCommand=cmd
+        output = await conn.send_command(cmd) # $ result=BAD getRemoteCommand=cmd
    driver = AsyncEOSDriver
    async with driver(**dev_connect) as conn:
-        output = await conn.send_command(cmd) # $ result=BAD getSecondaryCommand=cmd
+        output = await conn.send_command(cmd) # $ result=BAD getRemoteCommand=cmd
    driver = AsyncJunosDriver
    async with driver(**dev_connect) as conn:
-        output = await conn.send_command(cmd) # $ result=BAD getSecondaryCommand=cmd
+        output = await conn.send_command(cmd) # $ result=BAD getRemoteCommand=cmd
    return {"success": "Dangerous"}

@app.get("/bad1")
@@ -48,19 +48,19 @@ def bad2(cmd: str):
    }
    driver = NXOSDriver
    with driver(**dev_connect) as conn:
-        output = conn.send_command(cmd) # $ result=BAD getSecondaryCommand=cmd
+        output = conn.send_command(cmd) # $ result=BAD getRemoteCommand=cmd
    driver = IOSXRDriver
    with driver(**dev_connect) as conn:
-        output = conn.send_command(cmd) # $ result=BAD getSecondaryCommand=cmd
+        output = conn.send_command(cmd) # $ result=BAD getRemoteCommand=cmd
    driver = IOSXEDriver
    with driver(**dev_connect) as conn:
-        output = conn.send_command(cmd) # $ result=BAD getSecondaryCommand=cmd
+        output = conn.send_command(cmd) # $ result=BAD getRemoteCommand=cmd
    driver = EOSDriver
    with driver(**dev_connect) as conn:
-        output = conn.send_command(cmd) # $ result=BAD getSecondaryCommand=cmd
+        output = conn.send_command(cmd) # $ result=BAD getRemoteCommand=cmd
    driver = JunosDriver
    with driver(**dev_connect) as conn:
-        output = conn.send_command(cmd) # $ result=BAD getSecondaryCommand=cmd
+        output = conn.send_command(cmd) # $ result=BAD getRemoteCommand=cmd

    dev_connect = {
        "host": "65.65.65.65",
@@ -71,7 +71,7 @@ def bad2(cmd: str):
        "platform": "cisco_iosxe",
    }
    with Scrapli(**dev_connect) as conn:
-        result = conn.send_command(cmd) # $ result=BAD getSecondaryCommand=cmd
+        result = conn.send_command(cmd) # $ result=BAD getRemoteCommand=cmd

    dev_connect = {
        "host": "65.65.65.65",
@@ -81,5 +81,5 @@ def bad2(cmd: str):
        "transport": "ssh2",
    }
    with GenericDriver(**dev_connect) as conn:
-        result = conn.send_command(cmd) # $ result=BAD getSecondaryCommand=cmd
+        result = conn.send_command(cmd) # $ result=BAD getRemoteCommand=cmd
    return {"success": "Dangerous"}
--- a/python/ql/test/experimental/query-tests/Security/CWE-074-SecondaryServerCmdInjection/Twisted.py
+++ b/python/ql/test/experimental/query-tests/Security/CWE-074-SecondaryServerCmdInjection/Twisted.py
@@ -13,7 +13,7 @@ app = FastAPI()
 async def bad1(cmd: bytes):
    endpoint = SSHCommandClientEndpoint.newConnection(
    reactor,
-    cmd, # $ result=BAD getSecondaryCommand=cmd  
+    cmd, # $ result=BAD getRemoteCommand=cmd  
    b"username",
    b"ssh.example.com",
    22,
@@ -21,7 +21,7 @@ async def bad1(cmd: bytes):

    SSHCommandClientEndpoint.existingConnection(
        endpoint,
-        cmd) # $ result=BAD getSecondaryCommand=cmd
+        cmd) # $ result=BAD getRemoteCommand=cmd
    
    factory = Factory()
    d = endpoint.connect(factory)
--- a/python/ql/test/experimental/query-tests/Security/CWE-074-SecondaryServerCmdInjection/paramiko.py
+++ b/python/ql/test/experimental/query-tests/Security/CWE-074-SecondaryServerCmdInjection/paramiko.py
@@ -13,10 +13,10 @@ app = FastAPI()

@app.get("/bad1")
 async def bad1(cmd: str):
-    stdin, stdout, stderr = paramiko_ssh_client.exec_command(cmd)  # $ result=BAD getSecondaryCommand=cmd
+    stdin, stdout, stderr = paramiko_ssh_client.exec_command(cmd)  # $ result=BAD getRemoteCommand=cmd
    return {"success": "Dangerous"}

@app.get("/bad2")
 async def bad2(cmd: str):
-    stdin, stdout, stderr = paramiko_ssh_client.exec_command(command=cmd)  # $ result=BAD getSecondaryCommand=cmd
+    stdin, stdout, stderr = paramiko_ssh_client.exec_command(command=cmd)  # $ result=BAD getRemoteCommand=cmd
    return {"success": "Dangerous"}
--- a/python/ql/test/experimental/query-tests/Security/CWE-074-SecondaryServerCmdInjection/ssh2.py
+++ b/python/ql/test/experimental/query-tests/Security/CWE-074-SecondaryServerCmdInjection/ssh2.py
@@ -14,7 +14,7 @@ session.userauth_password("user", "password")
@app.get("/bad1")
 async def bad1(cmd: str):
    channel = session.open_session()
-    channel.execute(cmd) # $ result=BAD getSecondaryCommand=cmd
+    channel.execute(cmd) # $ result=BAD getRemoteCommand=cmd
    channel.wait_eof()
    channel.close()
    channel.wait_closed()  
--- a/python/ql/test/experimental/query-tests/Security/CWE-074-SecondaryServerCmdInjection/DataflowQueryTest.ql
+++ b/python/ql/test/experimental/query-tests/Security/CWE-074-SecondaryServerCmdInjection/DataflowQueryTest.ql
@@ -1,4 +0,0 @@
-import python
-import TestUtilities.dataflow.DataflowQueryTest
-import experimental.semmle.python.security.SecondaryServerCmdInjection
-import FromTaintTrackingConfig<SecondaryCommandInjectionConfig>
--- a/python/ql/test/experimental/query-tests/Security/CWE-074-SecondaryServerCmdInjection/SecondaryServerCmdInjection.qlref
+++ b/python/ql/test/experimental/query-tests/Security/CWE-074-SecondaryServerCmdInjection/SecondaryServerCmdInjection.qlref
@@ -1 +0,0 @@
-experimental/Security/CWE-074/secondaryCommandInjection/SecondaryServerCmdInjection.ql
				`@@ -0,0 +1 @@`
				`experimental/Security/CWE-074/remoteCommandExecution/RemoteCommandExecution.ql`
				`@@ -1 +0,0 @@`
				`experimental/Security/CWE-074/secondaryCommandInjection/SecondaryServerCmdInjection.ql`