hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-20 22:44:52 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Replace type tracking with global data-flow

Browse Source 
This takes care of most of the false negatives from the preceding
commit.

Additionally, we add models for some known wrappers of `socket.socket`
from the `gevent` and `eventlet` packages.
This commit is contained in:
Taus
2026-03-26 14:53:18 +00:00
parent 1ecd9e83b8
commit c439fc5d45
7 changed files with 44 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
python/ql/test/query-tests/Security/CVE-2018-1281/BindToAllInterfaces.expected
View File

@@ -3,3 +3,7 @@
| BindToAllInterfaces_test.py:17:1:17:26 | Attribute() | '0.0.0.0' binds a socket to all interfaces. |
| BindToAllInterfaces_test.py:21:1:21:11 | Attribute() | '0.0.0.0' binds a socket to all interfaces. |
| BindToAllInterfaces_test.py:26:1:26:20 | Attribute() | '::' binds a socket to all interfaces. |
| BindToAllInterfaces_test.py:39:9:39:43 | Attribute() | '0.0.0.0' binds a socket to all interfaces. |
| BindToAllInterfaces_test.py:48:1:48:20 | Attribute() | '0.0.0.0' binds a socket to all interfaces. |
| BindToAllInterfaces_test.py:53:1:53:27 | Attribute() | '0.0.0.0' binds a socket to all interfaces. |
| BindToAllInterfaces_test.py:58:1:58:27 | Attribute() | '0.0.0.0' binds a socket to all interfaces. |

8
python/ql/test/query-tests/Security/CVE-2018-1281/BindToAllInterfaces_test.py
View File

@@ -36,7 +36,7 @@ class Server:
def start(self):
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind((self.bind_addr, self.port)) # $ MISSING: Alert[py/bind-socket-all-network-interfaces]
s.bind((self.bind_addr, self.port)) # $ Alert[py/bind-socket-all-network-interfaces]
server = Server()
server.start()
@@ -45,14 +45,14 @@ server.start()
import os
host = os.environ.get('APP_HOST', '0.0.0.0')
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind((host, 8080)) # $ MISSING: Alert[py/bind-socket-all-network-interfaces]
s.bind((host, 8080)) # $ Alert[py/bind-socket-all-network-interfaces]
# gevent.socket (alternative socket module)
from gevent import socket as gsocket
gs = gsocket.socket(gsocket.AF_INET, gsocket.SOCK_STREAM)
gs.bind(('0.0.0.0', 31137)) # $ MISSING: Alert[py/bind-socket-all-network-interfaces]
gs.bind(('0.0.0.0', 31137)) # $ Alert[py/bind-socket-all-network-interfaces]
# eventlet.green.socket (another alternative socket module)
from eventlet.green import socket as esocket
es = esocket.socket(esocket.AF_INET, esocket.SOCK_STREAM)
es.bind(('0.0.0.0', 31137)) # $ MISSING: Alert[py/bind-socket-all-network-interfaces]
es.bind(('0.0.0.0', 31137)) # $ Alert[py/bind-socket-all-network-interfaces]