Merge branch 'rc/1.20' into merge-rc

python/ql/src/Security/CWE-209/StackTraceExposure.ql

@@ -19,5 +19,5 @@ import semmle.python.security.Exceptions
 import semmle.python.web.HttpResponse
 
 from TaintedPathSource src, TaintedPathSink sink
-where src.flowsTo(sink)
+where src.flowsTo(sink) and src.getSource() instanceof ErrorInfoSource
 select sink.getSink(), src, sink, "$@ may be exposed to an external user", src.getSource(), "Error information"

python/ql/src/semmle/python/security/Exceptions.qll

@@ -31,6 +31,10 @@ class ExceptionInfo extends StringKind {
 
 }
 
+/** A class representing sources of information about 
+ * execution state exposed in tracebacks and the like.
+ */
+abstract class ErrorInfoSource extends TaintSource {}
 
 /**
  * This kind represents exceptions themselves.
@@ -56,7 +60,7 @@ class ExceptionKind extends TaintKind {
  * A source of exception objects, either explicitly created, or captured by an
  * `except` statement.
  */
-class ExceptionSource extends TaintSource {
+class ExceptionSource extends ErrorInfoSource {
 
     ExceptionSource() {
         exists(ClassObject cls |
@@ -91,7 +95,7 @@ class ExceptionInfoSequence extends SequenceKind {
  * Represents calls to functions in the `traceback` module that return
  * sequences of exception information.
  */
-class CallToTracebackFunction extends TaintSource {
+class CallToTracebackFunction extends ErrorInfoSource {
 
     CallToTracebackFunction() {
         exists(string name |
@@ -120,7 +124,7 @@ class CallToTracebackFunction extends TaintSource {
  * Represents calls to functions in the `traceback` module that return a single
  * string of information about an exception.
  */
-class FormattedTracebackSource extends TaintSource {
+class FormattedTracebackSource extends ErrorInfoSource {
 
     FormattedTracebackSource() {
         this = traceback_function("format_exc").getACall()

python/ql/src/semmle/python/types/Object.qll

@@ -10,6 +10,13 @@ private cached predicate is_an_object(@py_object obj) {
         exists(@py_cobject mod_type | py_special_objects(mod_type, "ModuleType") and py_cobjecttypes(obj, mod_type)) and
         exists(Module m | py_cobjectnames(obj, m.getName()))
     )
+    and (
+        /* Exclude unmatched builtin objects in the library trap files */
+        obj instanceof ControlFlowNode or
+        py_cobjectnames(obj, _) or
+        py_cobjecttypes(obj, _) or
+        py_special_objects(obj, _)
+    )
 }
 
 /** Instances of this class represent objects in the Python program. However, since