Python: Clean up py/insecure-protocol

Going all the way to the AST layer seemed excessive to me, so I rewrote
it to do most of the logic at the data-flow layer. In principle this
_could_ result in more names being computed (due to splitting), but in
practice I don't expect this to make a big difference.
Taus
2021-06-17 19:28:12 +00:00
committed by GitHub
parent f24a9a46d9
commit c386f4a009


@@ -27,37 +27,34 @@ class ProtocolConfiguration extends DataFlow::Node {
unsafe_context_creation(this, _)
}
AstNode getNode() { result = this.asCfgNode().(CallNode).getFunction().getNode() }
DataFlow::Node getNode() { result = this.(DataFlow::CallCfgNode).getFunction() }
}
// Helper for pretty printer `callName`.
// This is a consequence of missing pretty priting.
// We do not want to evaluate our bespoke pretty printer
// for all `AstNode`s so we define a sub class of interesting ones.
//
// Note that AstNode is abstract and AstNode_ is a library class, so
// we have to extend @py_ast_node.
class Nameable extends @py_ast_node {
// for all `DataFlow::Node`s so we define a sub class of interesting ones.
class Nameable extends DataFlow::Node {
Nameable() {
this = any(ProtocolConfiguration pc).getNode()
or
exists(Nameable attr | this = attr.(Attribute).getObject())
this = any(Nameable attr).(DataFlow::AttrRef).getObject()
}
string toString() { result = "AstNode" }
}
string callName(Nameable call) {
result = call.(Name).getId()
result = call.asExpr().(Name).getId()
or
exists(Attribute a | a = call | result = callName(a.getObject()) + "." + a.getName())
exists(DataFlow::AttrRef a | a = call |
result = callName(a.getObject()) + "." + a.getAttributeName()
)
}
string configName(ProtocolConfiguration protocolConfiguration) {
result =
"call to " + callName(protocolConfiguration.asCfgNode().(CallNode).getFunction().getNode())
"call to " + callName(protocolConfiguration.(DataFlow::CallCfgNode).getFunction())
or
not protocolConfiguration.asCfgNode() instanceof CallNode and
not protocolConfiguration instanceof DataFlow::CallCfgNode and
not protocolConfiguration instanceof ContextCreation and
result = "context modification"
}
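Review bot: In `configName`, a call whose function expression is not a plain dotted name gets no result at all, because `callName` only resolves `Name` expressions and `DataFlow::AttrRef` chains that end in one. The first disjunct then has no value, and the `not protocolConfiguration instanceof DataFlow::CallCfgNode` guard keeps the "context modification" fallback from applying. If the query's `select` (outside this hunk) joins on `configName`, that insecure-protocol finding would presumably be dropped silently, which is a false negative in a security query. A catch-all disjunct would keep it, e.g. `or exists(DataFlow::CallCfgNode c | c = protocolConfiguration and not exists(callName(c.getFunction()))) and result = "call"`. As a smaller style point, `configName` repeats the expression that `ProtocolConfiguration.getNode()` now computes and could call that predicate instead.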