haby0
2022-02-28 20:34:58 +08:00
parent b23e28a1e6
commit be40b54b9f
26 changed files with 109 additions and 38 deletions


@@ -644,7 +644,7 @@ module AiohttpWebModel {
* Provides models for the web server part (`aiohttp.client`) of the `aiohttp` PyPI package.
* See https://docs.aiohttp.org/en/stable/client.html
*/
module AiohttpClientModel {
private module AiohttpClientModel {
/**
* Provides models for the `aiohttp.ClientSession` class
*
@@ -668,7 +668,7 @@ module AiohttpClientModel {
this = instance().getMember(methodName).getACall()
}
DataFlow::Node getUrlArg() {
override DataFlow::Node getAUrlPart() {
result = this.getArgByName("url")
or
not methodName = "request" and
@@ -678,13 +678,12 @@ module AiohttpClientModel {
result = this.getArg(1)
}
override DataFlow::Node getAUrlPart() { result = this.getUrlArg() }
override string getFramework() { result = "aiohttp.ClientSession" }
override predicate disablesCertificateValidation(
DataFlow::Node disablingNode, DataFlow::Node argumentOrigin
) {
// TODO: Look into disabling certificate validation
none()
}
}
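Review bot: `disablesCertificateValidation` in the last hunk of this section is still `none()`, so a request that switches TLS verification off (aiohttp accepts `ssl=False` and the deprecated `verify_ssl=False`) is never reported by queries built on this predicate. The same stub is kept in the httpx, libtaxii, pycurl, urllib, urllib2 and urllib3 sections of this commit; for httpx the keyword is `verify=False`, which can also be given to the client constructor rather than the call. Until that is modelled, the comment could say what is missing, e.g. `// TODO: model ssl=False / verify_ssl=False; certificate-validation queries currently see nothing here`. The class starts outside the visible hunks. Separately, the QLDoc above the module calls `aiohttp.client` the "web server part"; it should read "client part".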


@@ -20,7 +20,7 @@ module HttpxModel {
this = API::moduleImport("httpx").getMember(methodName).getACall()
}
DataFlow::Node getUrlArg() {
override DataFlow::Node getAUrlPart() {
result = this.getArgByName("url")
or
not methodName = "request" and
@@ -30,13 +30,12 @@ module HttpxModel {
result = this.getArg(1)
}
override DataFlow::Node getAUrlPart() { result = this.getUrlArg() }
override string getFramework() { result = "httpx" }
override predicate disablesCertificateValidation(
DataFlow::Node disablingNode, DataFlow::Node argumentOrigin
) {
// TODO: Look into disabling certificate validation
none()
}
}
@@ -64,7 +63,7 @@ module HttpxModel {
this = instance().getMember(methodName).getACall()
}
DataFlow::Node getUrlArg() {
override DataFlow::Node getAUrlPart() {
result = this.getArgByName("url")
or
not methodName = "request" and
@@ -74,13 +73,12 @@ module HttpxModel {
result = this.getArg(1)
}
override DataFlow::Node getAUrlPart() { result = this.getUrlArg() }
override string getFramework() { result = "httpx.[Async]Client" }
override predicate disablesCertificateValidation(
DataFlow::Node disablingNode, DataFlow::Node argumentOrigin
) {
// TODO: Look into disabling certificate validation
none()
}
}


@@ -22,15 +22,14 @@ module Libtaxii {
this.getArgByName("allow_url").asExpr().toString() = "True"
}
DataFlow::Node getUrlArg() { result in [this.getArg(0), this.getArgByName("s")] }
override DataFlow::Node getAUrlPart() { result = this.getUrlArg() }
override DataFlow::Node getAUrlPart() { result in [this.getArg(0), this.getArgByName("s")] }
override string getFramework() { result = "libtaxii.common.parse" }
override predicate disablesCertificateValidation(
DataFlow::Node disablingNode, DataFlow::Node argumentOrigin
) {
// TODO: Look into disabling certificate validation
none()
}
}
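Review bot: The `allow_url` guard on the first line of this hunk compares the argument's source text with "True", so only the literal keyword form `allow_url=True` makes the call a modelled request. A call that passes the flag positionally, or passes a variable or expression that evaluates to true, would presumably not be seen by SSRF queries that rely on `getAUrlPart()`. Since the commit touches this class anyway, a comment recording the limit would help, e.g. `// only the literal keyword form allow_url=True is recognised; other truthy values are missed`. The characteristic predicate starts above the hunk.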


@@ -25,7 +25,7 @@ module Pycurl {
private API::Node instance() { result = classRef().getReturn() }
/**
* When the first parameter value of the `setopt` function is set to `pycurl.URL`,
* When the first parameter value of the `setopt` function is set to `pycurl.URL`,
* the second parameter value is the request resource link.
*
* See https://pycurl.io/docs/latest/curl.html#set_option.
@@ -36,15 +36,16 @@ module Pycurl {
this.getArg(0).asCfgNode().(AttrNode).getName() = "URL"
}
DataFlow::Node getUrlArg() { result in [this.getArg(1), this.getArgByName("value")] }
override DataFlow::Node getAUrlPart() { result = this.getUrlArg() }
override DataFlow::Node getAUrlPart() {
result in [this.getArg(1), this.getArgByName("value")]
}
override string getFramework() { result = "pycurl.Curl" }
override predicate disablesCertificateValidation(
DataFlow::Node disablingNode, DataFlow::Node argumentOrigin
) {
// TODO: Look into disabling certificate validation
none()
}
}


@@ -27,15 +27,14 @@ module Urllib {
this = API::moduleImport("urllib").getMember("request").getMember("Request").getACall()
}
DataFlow::Node getUrlArg() { result in [this.getArg(0), this.getArgByName("url")] }
override DataFlow::Node getAUrlPart() { result = this.getUrlArg() }
override DataFlow::Node getAUrlPart() { result in [this.getArg(0), this.getArgByName("url")] }
override string getFramework() { result = "urllib.request.Request" }
override predicate disablesCertificateValidation(
DataFlow::Node disablingNode, DataFlow::Node argumentOrigin
) {
// TODO: Look into disabling certificate validation
none()
}
}
@@ -49,15 +48,14 @@ module Urllib {
this = API::moduleImport("urllib").getMember("request").getMember("urlopen").getACall()
}
DataFlow::Node getUrlArg() { result in [this.getArg(0), this.getArgByName("url")] }
override DataFlow::Node getAUrlPart() { result = this.getUrlArg() }
override DataFlow::Node getAUrlPart() { result in [this.getArg(0), this.getArgByName("url")] }
override string getFramework() { result = "urllib.request.urlopen" }
override predicate disablesCertificateValidation(
DataFlow::Node disablingNode, DataFlow::Node argumentOrigin
) {
// TODO: Look into disabling certificate validation
none()
}
}


@@ -17,19 +17,16 @@ module Urllib2 {
* - https://docs.python.org/2/library/urllib2.html#urllib2.Request
*/
private class RequestCall extends HTTP::Client::Request::Range, DataFlow::CallCfgNode {
RequestCall() {
this = API::moduleImport("urllib2").getMember("Request").getACall()
}
RequestCall() { this = API::moduleImport("urllib2").getMember("Request").getACall() }
DataFlow::Node getUrlArg() { result in [this.getArg(0), this.getArgByName("url")] }
override DataFlow::Node getAUrlPart() { result = this.getUrlArg() }
override DataFlow::Node getAUrlPart() { result in [this.getArg(0), this.getArgByName("url")] }
override string getFramework() { result = "urllib2.Request" }
override predicate disablesCertificateValidation(
DataFlow::Node disablingNode, DataFlow::Node argumentOrigin
) {
// TODO: Look into disabling certificate validation
none()
}
}
@@ -41,15 +38,14 @@ module Urllib2 {
private class UrlOpenCall extends HTTP::Client::Request::Range, DataFlow::CallCfgNode {
UrlOpenCall() { this = API::moduleImport("urllib2").getMember("urlopen").getACall() }
DataFlow::Node getUrlArg() { result in [this.getArg(0), this.getArgByName("url")] }
override DataFlow::Node getAUrlPart() { result = this.getUrlArg() }
override DataFlow::Node getAUrlPart() { result in [this.getArg(0), this.getArgByName("url")] }
override string getFramework() { result = "urllib2.urlopen" }
override predicate disablesCertificateValidation(
DataFlow::Node disablingNode, DataFlow::Node argumentOrigin
) {
// TODO: Look into disabling certificate validation
none()
}
}


@@ -30,15 +30,14 @@ module Urllib3 {
instance().getMember(["request", "request_encode_url", "request_encode_body"]).getACall()
}
DataFlow::Node getUrlArg() { result in [this.getArg(1), this.getArgByName("url")] }
override DataFlow::Node getAUrlPart() { result = this.getUrlArg() }
override DataFlow::Node getAUrlPart() { result in [this.getArg(1), this.getArgByName("url")] }
override string getFramework() { result = "urllib3.PoolManager" }
override predicate disablesCertificateValidation(
DataFlow::Node disablingNode, DataFlow::Node argumentOrigin
) {
// TODO: Look into disabling certificate validation
none()
}
}
@@ -46,15 +45,14 @@ module Urllib3 {
private class UrlOpenCall extends HTTP::Client::Request::Range, DataFlow::CallCfgNode {
UrlOpenCall() { this = instance().getMember("urlopen").getACall() }
DataFlow::Node getUrlArg() { result in [this.getArg(1), this.getArgByName("url")] }
override DataFlow::Node getAUrlPart() { result = this.getUrlArg() }
override DataFlow::Node getAUrlPart() { result in [this.getArg(1), this.getArgByName("url")] }
override string getFramework() { result = "urllib3.PoolManager" }
override predicate disablesCertificateValidation(
DataFlow::Node disablingNode, DataFlow::Node argumentOrigin
) {
// TODO: Look into disabling certificate validation
none()
}
}