mirror of
https://github.com/github/codeql.git
synced 2026-04-30 11:15:13 +02:00
Merge branch 'master' into python-keyword-only-args
This commit is contained in:
Rasmus Wriedt Larsen
@@ -1,5 +1,5 @@
|
||||
import python
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.dataflow.TaintTracking
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
class SimpleSource extends TaintSource {
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import python
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.dataflow.TaintTracking
|
||||
import Taint
|
||||
|
||||
from Call call, Expr arg, string taint_string
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
| test.py:12:1:12:24 | class C | The class 'C' does not override $@, but adds the new attribute $@. | test.py:9:5:9:28 | Function __eq__ | '__eq__' | test.py:15:9:15:14 | Attribute | a |
|
||||
| test.py:12:1:12:24 | class C | The class 'C' does not override $@, but adds the new attribute $@. | test.py:9:5:9:28 | Function __eq__ | '__eq__' | test.py:15:17:15:22 | Attribute | b |
|
||||
| test.py:12:1:12:24 | class C | The class 'C' does not override $@, but adds the new attribute $@. | test.py:9:5:9:28 | Function RedefineEquals.__eq__ | '__eq__' | test.py:15:9:15:14 | Attribute | a |
|
||||
| test.py:12:1:12:24 | class C | The class 'C' does not override $@, but adds the new attribute $@. | test.py:9:5:9:28 | Function RedefineEquals.__eq__ | '__eq__' | test.py:15:17:15:22 | Attribute | b |
|
||||
|
||||
@@ -1,15 +0,0 @@
|
||||
| 19 | 0 | ControlFlowNode for w | Function f |
|
||||
| 19 | 1 | ControlFlowNode for x | Function f |
|
||||
| 19 | 2 | ControlFlowNode for y | Function f |
|
||||
| 21 | 0 | ControlFlowNode for y | Function f |
|
||||
| 21 | 1 | ControlFlowNode for w | Function f |
|
||||
| 21 | 2 | ControlFlowNode for z | Function f |
|
||||
| 23 | 0 | ControlFlowNode for c | Function f |
|
||||
| 23 | 1 | ControlFlowNode for w | Function f |
|
||||
| 23 | 2 | ControlFlowNode for z | Function f |
|
||||
| 24 | 0 | ControlFlowNode for c | Function n |
|
||||
| 24 | 1 | ControlFlowNode for x | Function n |
|
||||
| 25 | 0 | ControlFlowNode for y | Function n |
|
||||
| 25 | 1 | ControlFlowNode for z | Function n |
|
||||
| 33 | 0 | ControlFlowNode for IntegerLiteral | Function foo |
|
||||
| 34 | 0 | ControlFlowNode for IntegerLiteral | Function foo |
|
||||
@@ -1,5 +0,0 @@
|
||||
import python
|
||||
|
||||
from ControlFlowNode arg, FunctionObject func, int i
|
||||
where arg = func.getArgumentForCall(_, i)
|
||||
select arg.getLocation().getStartLine(), i, arg.toString(), func.toString()
|
||||
@@ -1,7 +0,0 @@
|
||||
| 19 | ControlFlowNode for f() | Function f |
|
||||
| 21 | ControlFlowNode for f() | Function f |
|
||||
| 23 | ControlFlowNode for Attribute() | Function f |
|
||||
| 24 | ControlFlowNode for Attribute() | Function n |
|
||||
| 25 | ControlFlowNode for Attribute() | Function n |
|
||||
| 33 | ControlFlowNode for Attribute() | Function foo |
|
||||
| 34 | ControlFlowNode for Attribute() | Function foo |
|
||||
@@ -0,0 +1,19 @@
|
||||
| 19 | ControlFlowNode for f() | Function f |
|
||||
| 21 | ControlFlowNode for f() | Function f |
|
||||
| 22 | ControlFlowNode for C() | class C |
|
||||
| 23 | ControlFlowNode for Attribute() | Method(Function f, C()) |
|
||||
| 24 | ControlFlowNode for Attribute() | Method(Function C.n, C()) |
|
||||
| 25 | ControlFlowNode for Attribute() | Function C.n |
|
||||
| 29 | ControlFlowNode for staticmethod() | builtin-class staticmethod |
|
||||
| 33 | ControlFlowNode for Attribute() | Function D.foo |
|
||||
| 34 | ControlFlowNode for Attribute() | Function D.foo |
|
||||
| 34 | ControlFlowNode for D() | class D |
|
||||
| 37 | ControlFlowNode for Attribute() | Method(builtin method append, List) |
|
||||
| 38 | ControlFlowNode for len() | Builtin-function len |
|
||||
| 40 | ControlFlowNode for f() | Function f |
|
||||
| 41 | ControlFlowNode for C() | class C |
|
||||
| 42 | ControlFlowNode for Attribute() | Method(Function C.n, C()) |
|
||||
| 45 | ControlFlowNode for open() | Builtin-function open |
|
||||
| 46 | ControlFlowNode for open() | Builtin-function open |
|
||||
| 51 | ControlFlowNode for foo() | Function foo |
|
||||
| 55 | ControlFlowNode for bar() | Function bar |
|
||||
@@ -0,0 +1,5 @@
|
||||
import python
|
||||
|
||||
from CallNode call, Value func
|
||||
where call.getFunction().pointsTo(func)
|
||||
select call.getLocation().getStartLine(), call.toString(), func.toString()
|
||||
@@ -0,0 +1,23 @@
|
||||
| 19 | ControlFlowNode for f() | Function f |
|
||||
| 21 | ControlFlowNode for f() | Function f |
|
||||
| 22 | ControlFlowNode for C() | class C |
|
||||
| 23 | ControlFlowNode for Attribute() | Function f |
|
||||
| 23 | ControlFlowNode for Attribute() | Method(Function f, C()) |
|
||||
| 24 | ControlFlowNode for Attribute() | Function C.n |
|
||||
| 24 | ControlFlowNode for Attribute() | Method(Function C.n, C()) |
|
||||
| 25 | ControlFlowNode for Attribute() | Function C.n |
|
||||
| 29 | ControlFlowNode for staticmethod() | builtin-class staticmethod |
|
||||
| 33 | ControlFlowNode for Attribute() | Function D.foo |
|
||||
| 34 | ControlFlowNode for Attribute() | Function D.foo |
|
||||
| 34 | ControlFlowNode for D() | class D |
|
||||
| 37 | ControlFlowNode for Attribute() | Method(builtin method append, List) |
|
||||
| 37 | ControlFlowNode for Attribute() | builtin method append |
|
||||
| 38 | ControlFlowNode for len() | Builtin-function len |
|
||||
| 40 | ControlFlowNode for f() | Function f |
|
||||
| 41 | ControlFlowNode for C() | class C |
|
||||
| 42 | ControlFlowNode for Attribute() | Function C.n |
|
||||
| 42 | ControlFlowNode for Attribute() | Method(Function C.n, C()) |
|
||||
| 45 | ControlFlowNode for open() | Builtin-function open |
|
||||
| 46 | ControlFlowNode for open() | Builtin-function open |
|
||||
| 51 | ControlFlowNode for foo() | Function foo |
|
||||
| 55 | ControlFlowNode for bar() | Function bar |
|
||||
@@ -1,5 +1,5 @@
|
||||
import python
|
||||
|
||||
from ControlFlowNode call, FunctionObject func
|
||||
from ControlFlowNode call, Value func
|
||||
where call = func.getACall()
|
||||
select call.getLocation().getStartLine(), call.toString(), func.toString()
|
||||
@@ -0,0 +1,34 @@
|
||||
| 19 | ControlFlowNode for f() | Function f | 0 | ControlFlowNode for w |
|
||||
| 19 | ControlFlowNode for f() | Function f | 1 | ControlFlowNode for x |
|
||||
| 19 | ControlFlowNode for f() | Function f | 2 | ControlFlowNode for y |
|
||||
| 21 | ControlFlowNode for f() | Function f | 0 | ControlFlowNode for y |
|
||||
| 21 | ControlFlowNode for f() | Function f | 1 | ControlFlowNode for w |
|
||||
| 21 | ControlFlowNode for f() | Function f | 2 | ControlFlowNode for z |
|
||||
| 23 | ControlFlowNode for Attribute() | Function f | 0 | ControlFlowNode for c |
|
||||
| 23 | ControlFlowNode for Attribute() | Function f | 1 | ControlFlowNode for w |
|
||||
| 23 | ControlFlowNode for Attribute() | Function f | 2 | ControlFlowNode for z |
|
||||
| 23 | ControlFlowNode for Attribute() | Method(Function f, C()) | 0 | ControlFlowNode for w |
|
||||
| 23 | ControlFlowNode for Attribute() | Method(Function f, C()) | 1 | ControlFlowNode for z |
|
||||
| 24 | ControlFlowNode for Attribute() | Function C.n | 0 | ControlFlowNode for c |
|
||||
| 24 | ControlFlowNode for Attribute() | Function C.n | 1 | ControlFlowNode for x |
|
||||
| 24 | ControlFlowNode for Attribute() | Method(Function C.n, C()) | 0 | ControlFlowNode for x |
|
||||
| 25 | ControlFlowNode for Attribute() | Function C.n | 0 | ControlFlowNode for y |
|
||||
| 25 | ControlFlowNode for Attribute() | Function C.n | 1 | ControlFlowNode for z |
|
||||
| 33 | ControlFlowNode for Attribute() | Function D.foo | 0 | ControlFlowNode for IntegerLiteral |
|
||||
| 34 | ControlFlowNode for Attribute() | Function D.foo | 0 | ControlFlowNode for IntegerLiteral |
|
||||
| 37 | ControlFlowNode for Attribute() | Method(builtin method append, List) | 0 | ControlFlowNode for IntegerLiteral |
|
||||
| 37 | ControlFlowNode for Attribute() | builtin method append | 0 | ControlFlowNode for l |
|
||||
| 37 | ControlFlowNode for Attribute() | builtin method append | 1 | ControlFlowNode for IntegerLiteral |
|
||||
| 38 | ControlFlowNode for len() | Builtin-function len | 0 | ControlFlowNode for l |
|
||||
| 40 | ControlFlowNode for f() | Function f | 0 | ControlFlowNode for IntegerLiteral |
|
||||
| 40 | ControlFlowNode for f() | Function f | 1 | ControlFlowNode for IntegerLiteral |
|
||||
| 40 | ControlFlowNode for f() | Function f | 2 | ControlFlowNode for IntegerLiteral |
|
||||
| 42 | ControlFlowNode for Attribute() | Function C.n | 0 | ControlFlowNode for c |
|
||||
| 42 | ControlFlowNode for Attribute() | Function C.n | 1 | ControlFlowNode for IntegerLiteral |
|
||||
| 42 | ControlFlowNode for Attribute() | Method(Function C.n, C()) | 0 | ControlFlowNode for IntegerLiteral |
|
||||
| 45 | ControlFlowNode for open() | Builtin-function open | 0 | ControlFlowNode for Str |
|
||||
| 45 | ControlFlowNode for open() | Builtin-function open | 1 | ControlFlowNode for Str |
|
||||
| 51 | ControlFlowNode for foo() | Function foo | 0 | ControlFlowNode for IntegerLiteral |
|
||||
| 51 | ControlFlowNode for foo() | Function foo | 1 | ControlFlowNode for IntegerLiteral |
|
||||
| 51 | ControlFlowNode for foo() | Function foo | 2 | ControlFlowNode for IntegerLiteral |
|
||||
| 55 | ControlFlowNode for bar() | Function bar | 0 | ControlFlowNode for IntegerLiteral |
|
||||
@@ -0,0 +1,5 @@
|
||||
import python
|
||||
|
||||
from CallNode call, CallableValue callable, int i
|
||||
select call.getLocation().getStartLine(), call.toString(), callable.toString(), i,
|
||||
callable.getArgumentForCall(call, i).toString()
|
||||
@@ -0,0 +1,31 @@
|
||||
| 19 | ControlFlowNode for f() | Function f | arg0 | ControlFlowNode for w |
|
||||
| 19 | ControlFlowNode for f() | Function f | arg1 | ControlFlowNode for x |
|
||||
| 19 | ControlFlowNode for f() | Function f | arg2 | ControlFlowNode for y |
|
||||
| 21 | ControlFlowNode for f() | Function f | arg0 | ControlFlowNode for y |
|
||||
| 21 | ControlFlowNode for f() | Function f | arg1 | ControlFlowNode for w |
|
||||
| 21 | ControlFlowNode for f() | Function f | arg2 | ControlFlowNode for z |
|
||||
| 23 | ControlFlowNode for Attribute() | Function f | arg1 | ControlFlowNode for w |
|
||||
| 23 | ControlFlowNode for Attribute() | Function f | arg2 | ControlFlowNode for z |
|
||||
| 23 | ControlFlowNode for Attribute() | Function f | self | ControlFlowNode for c |
|
||||
| 23 | ControlFlowNode for Attribute() | Method(Function f, C()) | arg1 | ControlFlowNode for w |
|
||||
| 23 | ControlFlowNode for Attribute() | Method(Function f, C()) | arg2 | ControlFlowNode for z |
|
||||
| 24 | ControlFlowNode for Attribute() | Function C.n | arg1 | ControlFlowNode for x |
|
||||
| 24 | ControlFlowNode for Attribute() | Function C.n | self | ControlFlowNode for c |
|
||||
| 24 | ControlFlowNode for Attribute() | Method(Function C.n, C()) | arg1 | ControlFlowNode for x |
|
||||
| 25 | ControlFlowNode for Attribute() | Function C.n | arg1 | ControlFlowNode for z |
|
||||
| 25 | ControlFlowNode for Attribute() | Function C.n | self | ControlFlowNode for y |
|
||||
| 33 | ControlFlowNode for Attribute() | Function D.foo | arg | ControlFlowNode for IntegerLiteral |
|
||||
| 34 | ControlFlowNode for Attribute() | Function D.foo | arg | ControlFlowNode for IntegerLiteral |
|
||||
| 37 | ControlFlowNode for Attribute() | builtin method append | self | ControlFlowNode for l |
|
||||
| 40 | ControlFlowNode for f() | Function f | arg0 | ControlFlowNode for IntegerLiteral |
|
||||
| 40 | ControlFlowNode for f() | Function f | arg1 | ControlFlowNode for IntegerLiteral |
|
||||
| 40 | ControlFlowNode for f() | Function f | arg2 | ControlFlowNode for IntegerLiteral |
|
||||
| 42 | ControlFlowNode for Attribute() | Function C.n | arg1 | ControlFlowNode for IntegerLiteral |
|
||||
| 42 | ControlFlowNode for Attribute() | Function C.n | self | ControlFlowNode for c |
|
||||
| 42 | ControlFlowNode for Attribute() | Method(Function C.n, C()) | arg1 | ControlFlowNode for IntegerLiteral |
|
||||
| 46 | ControlFlowNode for open() | Builtin-function open | file | ControlFlowNode for Str |
|
||||
| 46 | ControlFlowNode for open() | Builtin-function open | mode | ControlFlowNode for Str |
|
||||
| 51 | ControlFlowNode for foo() | Function foo | a | ControlFlowNode for IntegerLiteral |
|
||||
| 55 | ControlFlowNode for bar() | Function bar | a | ControlFlowNode for IntegerLiteral |
|
||||
| 55 | ControlFlowNode for bar() | Function bar | b | ControlFlowNode for IntegerLiteral |
|
||||
| 55 | ControlFlowNode for bar() | Function bar | c | ControlFlowNode for IntegerLiteral |
|
||||
@@ -0,0 +1,5 @@
|
||||
import python
|
||||
|
||||
from CallNode call, CallableValue callable, string name
|
||||
select call.getLocation().getStartLine(), call.toString(), callable.toString(), name,
|
||||
callable.getNamedArgumentForCall(call, name).toString()
|
||||
@@ -0,0 +1,12 @@
|
||||
| Function C.n | 0 | ControlFlowNode for self |
|
||||
| Function C.n | 1 | ControlFlowNode for arg1 |
|
||||
| Function D.foo | 0 | ControlFlowNode for arg |
|
||||
| Function bar | 0 | ControlFlowNode for a |
|
||||
| Function f | 0 | ControlFlowNode for arg0 |
|
||||
| Function f | 1 | ControlFlowNode for arg1 |
|
||||
| Function f | 2 | ControlFlowNode for arg2 |
|
||||
| Function foo | 0 | ControlFlowNode for a |
|
||||
| Method(Function C.n, C()) | 0 | ControlFlowNode for arg1 |
|
||||
| Method(Function C.n, class C) | 0 | ControlFlowNode for arg1 |
|
||||
| Method(Function f, C()) | 0 | ControlFlowNode for arg1 |
|
||||
| Method(Function f, C()) | 1 | ControlFlowNode for arg2 |
|
||||
@@ -0,0 +1,4 @@
|
||||
import python
|
||||
|
||||
from CallableValue callable, int i
|
||||
select callable.toString(), i, callable.getParameter(i).toString()
|
||||
@@ -0,0 +1,12 @@
|
||||
| Function C.n | arg1 | ControlFlowNode for arg1 |
|
||||
| Function C.n | self | ControlFlowNode for self |
|
||||
| Function D.foo | arg | ControlFlowNode for arg |
|
||||
| Function bar | a | ControlFlowNode for a |
|
||||
| Function f | arg0 | ControlFlowNode for arg0 |
|
||||
| Function f | arg1 | ControlFlowNode for arg1 |
|
||||
| Function f | arg2 | ControlFlowNode for arg2 |
|
||||
| Function foo | a | ControlFlowNode for a |
|
||||
| Method(Function C.n, C()) | arg1 | ControlFlowNode for arg1 |
|
||||
| Method(Function C.n, class C) | arg1 | ControlFlowNode for arg1 |
|
||||
| Method(Function f, C()) | arg1 | ControlFlowNode for arg1 |
|
||||
| Method(Function f, C()) | arg2 | ControlFlowNode for arg2 |
|
||||
@@ -0,0 +1,4 @@
|
||||
import python
|
||||
|
||||
from CallableValue callable, string name
|
||||
select callable.toString(), name, callable.getParameterByName(name).toString()
|
||||
@@ -32,3 +32,24 @@ class D(object):
|
||||
|
||||
D.foo(1)
|
||||
D().foo(2)
|
||||
|
||||
l = [1,2,3]
|
||||
l.append(4)
|
||||
len(l)
|
||||
|
||||
f(arg0=0, arg1=1, arg2=2)
|
||||
c = C()
|
||||
c.n(arg1=1)
|
||||
|
||||
# positional/keyword arguments for a builtin function
|
||||
open("foo.txt", "rb") # TODO: Not handled by getNamedArgumentForCall
|
||||
open(file="foo.txt", mode="rb")
|
||||
|
||||
# Testing how arguments to *args and **kwargs are handled
|
||||
def foo(a, *args):
|
||||
pass
|
||||
foo(1, 2, 3)
|
||||
|
||||
def bar(a, **kwargs):
|
||||
pass
|
||||
bar(a=1, b=2, c=3)
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import python
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.dataflow.TaintTracking
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
class SimpleSource extends TaintSource {
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import python
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.dataflow.TaintTracking
|
||||
import Taint
|
||||
|
||||
from
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import python
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.dataflow.TaintTracking
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
class SimpleSource extends TaintSource {
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import python
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.dataflow.TaintTracking
|
||||
import Taint
|
||||
|
||||
from TaintedNode n, TaintedNode s
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import python
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.dataflow.TaintTracking
|
||||
import Taint
|
||||
|
||||
from Call call, Expr arg, string taint_string
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
*/
|
||||
|
||||
import python
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.dataflow.TaintTracking
|
||||
import TaintLib
|
||||
import semmle.python.security.Paths
|
||||
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
*/
|
||||
|
||||
import python
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.dataflow.TaintTracking
|
||||
import TaintLib
|
||||
import semmle.python.security.Paths
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import python
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.dataflow.TaintTracking
|
||||
|
||||
class SimpleTest extends TaintKind {
|
||||
SimpleTest() { this = "simple.test" }
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import python
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.dataflow.TaintTracking
|
||||
import TaintLib
|
||||
import semmle.python.dataflow.Implementation
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import python
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.dataflow.TaintTracking
|
||||
import semmle.python.dataflow.Implementation
|
||||
import TaintLib
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import python
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.dataflow.TaintTracking
|
||||
import TaintLib
|
||||
|
||||
from TestConfig config, DataFlow::Node sink, TaintKind kind
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import python
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.dataflow.TaintTracking
|
||||
import TaintLib
|
||||
|
||||
from TestConfig config, DataFlow::Node source, TaintKind kind
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import python
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.dataflow.TaintTracking
|
||||
import TaintLib
|
||||
import semmle.python.dataflow.Implementation
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import python
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.dataflow.TaintTracking
|
||||
import semmle.python.dataflow.Implementation
|
||||
import DilbertConfig
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import python
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.dataflow.TaintTracking
|
||||
import semmle.python.dataflow.Implementation
|
||||
import DilbertConfig
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import python
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.dataflow.TaintTracking
|
||||
|
||||
class SimpleTest extends TaintKind {
|
||||
SimpleTest() { this = "simple.test" }
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import python
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.dataflow.TaintTracking
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
class FooSource extends TaintSource {
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import python
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.dataflow.TaintTracking
|
||||
/* Standard library sink */
|
||||
import semmle.python.security.injection.Command
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import python
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.dataflow.TaintTracking
|
||||
|
||||
class SimpleTest extends TaintKind {
|
||||
SimpleTest() { this = "simple.test" }
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import python
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.dataflow.TaintTracking
|
||||
import TaintLib
|
||||
|
||||
from Sanitizer s, TaintKind taint, PyEdgeRefinement test
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import python
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.dataflow.TaintTracking
|
||||
import TaintLib
|
||||
|
||||
from TaintSource src, TaintSink sink, TaintKind srckind, TaintKind sinkkind
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import python
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.dataflow.TaintTracking
|
||||
import TaintLib
|
||||
|
||||
from TaintSource src, TaintKind kind
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import python
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.dataflow.TaintTracking
|
||||
import TaintLib
|
||||
|
||||
from TaintedNode n, TaintedNode s
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import python
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.dataflow.TaintTracking
|
||||
import TaintLib
|
||||
|
||||
from Call call, Expr arg, string taint_string
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import python
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.dataflow.TaintTracking
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
class SimpleSource extends TaintSource {
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import python
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.dataflow.TaintTracking
|
||||
import Taint
|
||||
|
||||
from Call call, Expr arg, string taint_string
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import python
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.dataflow.TaintTracking
|
||||
import semmle.python.security.strings.Untrusted
|
||||
import semmle.python.security.Exceptions
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import python
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.dataflow.TaintTracking
|
||||
import Taint
|
||||
|
||||
from TaintedNode n, TaintedNode s
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import python
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.dataflow.TaintTracking
|
||||
import Taint
|
||||
|
||||
from Call call, Expr arg, string taint_string
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import python
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.dataflow.TaintTracking
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
class SimpleSource extends TaintSource {
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import python
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.dataflow.TaintTracking
|
||||
import Taint
|
||||
|
||||
from TaintedNode n, TaintedNode s
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import python
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.dataflow.TaintTracking
|
||||
import Taint
|
||||
|
||||
from Call call, Expr arg, string taint_string
|
||||
|
||||
@@ -6,3 +6,11 @@
|
||||
| test.py:41:26:41:53 | flask.response.argument | externally controlled string |
|
||||
| test.py:46:12:46:62 | flask.routed.response | externally controlled string |
|
||||
| test.py:46:26:46:61 | flask.response.argument | externally controlled string |
|
||||
| test.py:50:12:50:48 | flask.routed.response | externally controlled string |
|
||||
| test.py:50:26:50:47 | flask.response.argument | externally controlled string |
|
||||
| test.py:54:12:54:53 | flask.routed.response | externally controlled string |
|
||||
| test.py:54:26:54:52 | flask.response.argument | externally controlled string |
|
||||
| test.py:60:12:60:62 | flask.routed.response | externally controlled string |
|
||||
| test.py:60:26:60:61 | flask.response.argument | externally controlled string |
|
||||
| test.py:64:12:64:58 | flask.routed.response | externally controlled string |
|
||||
| test.py:64:26:64:57 | flask.response.argument | externally controlled string |
|
||||
|
||||
@@ -3,3 +3,7 @@
|
||||
| test.py:35:16:35:27 | Attribute | {externally controlled string} |
|
||||
| test.py:40:18:40:29 | Attribute | {externally controlled string} |
|
||||
| test.py:45:18:45:29 | Attribute | {externally controlled string} |
|
||||
| test.py:49:11:49:14 | name | externally controlled string |
|
||||
| test.py:53:9:53:15 | subpath | externally controlled string |
|
||||
| test.py:59:24:59:26 | bar | externally controlled string |
|
||||
| test.py:63:13:63:21 | lang_code | externally controlled string |
|
||||
|
||||
@@ -1,6 +1,10 @@
|
||||
| / | Function hello |
|
||||
| / | Function hello_world |
|
||||
| /complex/<string(length=2):lang_code> | Function complex |
|
||||
| /dangerous | Function dangerous |
|
||||
| /dangerous-with-cfg-split | Function dangerous2 |
|
||||
| /foo/<path:subpath> | Function foo |
|
||||
| /hello/<name> | Function hello |
|
||||
| /multiple/bar/<bar> | Function multiple |
|
||||
| /safe | Function safe |
|
||||
| /the/ | Function get |
|
||||
| /unsafe | Function unsafe |
|
||||
|
||||
@@ -15,3 +15,19 @@
|
||||
| test.py:45 | Attribute() | externally controlled string |
|
||||
| test.py:46 | first_name | externally controlled string |
|
||||
| test.py:46 | make_response() | flask.Response |
|
||||
| test.py:49 | name | externally controlled string |
|
||||
| test.py:50 | BinaryExpr | externally controlled string |
|
||||
| test.py:50 | make_response() | flask.Response |
|
||||
| test.py:50 | name | externally controlled string |
|
||||
| test.py:53 | subpath | externally controlled string |
|
||||
| test.py:54 | BinaryExpr | externally controlled string |
|
||||
| test.py:54 | make_response() | flask.Response |
|
||||
| test.py:54 | subpath | externally controlled string |
|
||||
| test.py:59 | bar | externally controlled string |
|
||||
| test.py:60 | Attribute() | externally controlled string |
|
||||
| test.py:60 | bar | externally controlled string |
|
||||
| test.py:60 | make_response() | flask.Response |
|
||||
| test.py:63 | lang_code | externally controlled string |
|
||||
| test.py:64 | Attribute() | externally controlled string |
|
||||
| test.py:64 | lang_code | externally controlled string |
|
||||
| test.py:64 | make_response() | flask.Response |
|
||||
|
||||
@@ -4,7 +4,7 @@ from flask import Flask, request, make_response
|
||||
app = Flask(__name__)
|
||||
|
||||
@app.route("/")
|
||||
def hello():
|
||||
def hello_world():
|
||||
return "Hello World!"
|
||||
|
||||
from flask.views import MethodView
|
||||
@@ -44,3 +44,24 @@ def unsafe():
|
||||
def safe():
|
||||
first_name = request.args.get('name', '')
|
||||
return make_response("Your name is " + escape(first_name))
|
||||
|
||||
@app.route('/hello/<name>')
|
||||
def hello(name):
|
||||
return make_response("Your name is " + name)
|
||||
|
||||
@app.route('/foo/<path:subpath>')
|
||||
def foo(subpath):
|
||||
return make_response("The subpath is " + subpath)
|
||||
|
||||
@app.route('/multiple/') # TODO: not recognized as route
|
||||
@app.route('/multiple/foo/<foo>') # TODO: not recognized as route
|
||||
@app.route('/multiple/bar/<bar>')
|
||||
def multiple(foo=None, bar=None):
|
||||
return make_response("foo={!r} bar={!r}".format(foo, bar))
|
||||
|
||||
@app.route('/complex/<string(length=2):lang_code>')
|
||||
def complex(lang_code):
|
||||
return make_response("lang_code {}".format(lang_code))
|
||||
|
||||
if __name__ == "__main__":
|
||||
app.run(debug=True)
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import python
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.dataflow.TaintTracking
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
|
||||
@@ -1 +1 @@
|
||||
| attr_eq_test.py:21:1:21:27 | class BadColorPoint | The class 'BadColorPoint' does not override $@, but adds the new attribute $@. | attr_eq_test.py:10:5:10:28 | Function __eq__ | '__eq__' | attr_eq_test.py:25:9:25:19 | Attribute | _color |
|
||||
| attr_eq_test.py:21:1:21:27 | class BadColorPoint | The class 'BadColorPoint' does not override $@, but adds the new attribute $@. | attr_eq_test.py:10:5:10:28 | Function Point.__eq__ | '__eq__' | attr_eq_test.py:25:9:25:19 | Attribute | _color |
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import python
|
||||
import semmle.python.security.TaintTracking
|
||||
import semmle.python.dataflow.TaintTracking
|
||||
import python
|
||||
import semmle.python.security.SensitiveData
|
||||
import semmle.python.security.Crypto
|
||||
|
||||
Reference in New Issue
Block a user