Merge branch 'main' into flask-clean-models
208
python/.vscode/ql.code-snippets
vendored
208
python/.vscode/ql.code-snippets
vendored
@@ -105,8 +105,8 @@
|
||||
"scope": "ql",
|
||||
"prefix": "type tracking",
|
||||
"body": [
|
||||
"/** Gets a reference to a ${3:thing}. */",
|
||||
"private DataFlow::Node ${1:myType}(DataFlow::TypeTracker t) {",
|
||||
"/** Gets a reference to ${3:a thing}. */",
|
||||
"private DataFlow::LocalSourceNode ${1:myType}(DataFlow::TypeTracker t) {",
|
||||
" t.start() and",
|
||||
" result = ${2:value}",
|
||||
" or",
|
||||
@@ -115,100 +115,14 @@
|
||||
" )",
|
||||
"}",
|
||||
"",
|
||||
"/** Gets a reference to a ${3:thing}. */",
|
||||
"/** Gets a reference to $3. */",
|
||||
"DataFlow::Node $1() {",
|
||||
" result = $1(DataFlow::TypeTracker::end())",
|
||||
" $1(DataFlow::TypeTracker::end()).flowsTo(result)",
|
||||
"}"
|
||||
],
|
||||
"description": "Type tracking predicate",
|
||||
},
|
||||
|
||||
"Type tracking module": {
|
||||
"scope": "ql",
|
||||
"prefix": "type tracking module",
|
||||
"body": [
|
||||
"// ---------------------------------------------------------------------------",
|
||||
"// ${1:modulename}",
|
||||
"// ---------------------------------------------------------------------------",
|
||||
"/** Gets a reference to the `$1` module. */",
|
||||
"private DataFlow::Node $1(DataFlow::TypeTracker t) {",
|
||||
" t.start() and",
|
||||
" result = DataFlow::importNode(\"$1\")",
|
||||
" or",
|
||||
" exists(DataFlow::TypeTracker t2 | result = $1(t2).track(t2, t))",
|
||||
"}",
|
||||
"",
|
||||
"/** Gets a reference to the `$1` module. */",
|
||||
"DataFlow::Node $1() { result = $1(DataFlow::TypeTracker::end()) }",
|
||||
"",
|
||||
"/**",
|
||||
" * Gets a reference to the attribute `attr_name` of the `$1` module.",
|
||||
" * WARNING: Only holds for a few predefined attributes.",
|
||||
" */",
|
||||
"private DataFlow::Node $1_attr(DataFlow::TypeTracker t, string attr_name) {",
|
||||
" attr_name in [\"${2:name}\"] and",
|
||||
" (",
|
||||
" t.start() and",
|
||||
" result = DataFlow::importNode(\"$1\" + \".\" + attr_name)",
|
||||
" or",
|
||||
" t.startInAttr(attr_name) and",
|
||||
" result = $1()",
|
||||
" )",
|
||||
" or",
|
||||
" // Due to bad performance when using normal setup with `$1_attr(t2, attr_name).track(t2, t)`",
|
||||
" // we have inlined that code and forced a join",
|
||||
" exists(DataFlow::TypeTracker t2 |",
|
||||
" exists(DataFlow::StepSummary summary |",
|
||||
" $1_attr_first_join(t2, attr_name, result, summary) and",
|
||||
" t = t2.append(summary)",
|
||||
" )",
|
||||
" )",
|
||||
"}",
|
||||
"",
|
||||
"pragma[nomagic]",
|
||||
"private predicate $1_attr_first_join(",
|
||||
" DataFlow::TypeTracker t2, string attr_name, DataFlow::Node res, DataFlow::StepSummary summary",
|
||||
") {",
|
||||
" DataFlow::StepSummary::step($1_attr(t2, attr_name), res, summary)",
|
||||
"}",
|
||||
"",
|
||||
"/**",
|
||||
" * Gets a reference to the attribute `attr_name` of the `$1` module.",
|
||||
" * WARNING: Only holds for a few predefined attributes.",
|
||||
" */",
|
||||
"private DataFlow::Node $1_attr(string attr_name) {",
|
||||
" result = $1_attr(DataFlow::TypeTracker::end(), attr_name)",
|
||||
"}",
|
||||
"",
|
||||
"/** Provides models for the `$1` module. */",
|
||||
"module $1 {",
|
||||
"",
|
||||
"}",
|
||||
],
|
||||
"description": "Type tracking module",
|
||||
},
|
||||
|
||||
"Type tracking module member": {
|
||||
"scope": "ql",
|
||||
"prefix": "type tracking module member",
|
||||
"body": [
|
||||
"/** Gets a reference to the `${1:module}.${2:member}` ${3:object/class}. */",
|
||||
"private DataFlow::Node ${4:$2}(DataFlow::TypeTracker t) {",
|
||||
" t.start() and",
|
||||
" result = DataFlow::importNode(\"$1.$2\")",
|
||||
" or",
|
||||
" t.startInAttr(\"$2\") and",
|
||||
" result = $1()",
|
||||
" or",
|
||||
" exists(DataFlow::TypeTracker t2 | result = $4(t2).track(t2, t))",
|
||||
"}",
|
||||
" ",
|
||||
"/** Gets a reference to the `$1.$2` $3. */",
|
||||
"DataFlow::Node $4() { result = $4(DataFlow::TypeTracker::end()) }",
|
||||
],
|
||||
"description": "Type tracking module member",
|
||||
},
|
||||
|
||||
"Taint tracking configuration": {
|
||||
"scope": "ql",
|
||||
"prefix": "taint tracking",
|
||||
@@ -238,118 +152,4 @@
|
||||
]
|
||||
},
|
||||
|
||||
"Type tracking submodule": {
|
||||
"scope": "ql",
|
||||
"prefix": "type tracking submodule",
|
||||
"body": [
|
||||
" // -------------------------------------------------------------------------",
|
||||
" // ${1:parent}.${2:submodule}",
|
||||
" // -------------------------------------------------------------------------",
|
||||
" /** Gets a reference to the `$1.$2` module. */",
|
||||
" DataFlow::Node $2() { result = $1_attr(\"$2\") }",
|
||||
"",
|
||||
" /** Provides models for the `$1.$2` module */",
|
||||
" module $2 {",
|
||||
" /**",
|
||||
" * Gets a reference to the attribute `attr_name` of the `$1.$2` module.",
|
||||
" * WARNING: Only holds for a few predefined attributes.",
|
||||
" */",
|
||||
" private DataFlow::Node $2_attr(DataFlow::TypeTracker t, string attr_name) {",
|
||||
" attr_name in [\"$3\"] and",
|
||||
" (",
|
||||
" t.start() and",
|
||||
" result = DataFlow::importNode(\"$1.$2\" + \".\" + attr_name)",
|
||||
" or",
|
||||
" t.startInAttr(attr_name) and",
|
||||
" result = $2()",
|
||||
" )",
|
||||
" or",
|
||||
" // Due to bad performance when using normal setup with `$2_attr(t2, attr_name).track(t2, t)`",
|
||||
" // we have inlined that code and forced a join",
|
||||
" exists(DataFlow::TypeTracker t2 |",
|
||||
" exists(DataFlow::StepSummary summary |",
|
||||
" $2_attr_first_join(t2, attr_name, result, summary) and",
|
||||
" t = t2.append(summary)",
|
||||
" )",
|
||||
" )",
|
||||
" }",
|
||||
"",
|
||||
" pragma[nomagic]",
|
||||
" private predicate $2_attr_first_join(",
|
||||
" DataFlow::TypeTracker t2, string attr_name, DataFlow::Node res,",
|
||||
" DataFlow::StepSummary summary",
|
||||
" ) {",
|
||||
" DataFlow::StepSummary::step($2_attr(t2, attr_name), res, summary)",
|
||||
" }",
|
||||
"",
|
||||
" /**",
|
||||
" * Gets a reference to the attribute `attr_name` of the `$1.$2` module.",
|
||||
" * WARNING: Only holds for a few predefined attributes.",
|
||||
" */",
|
||||
" private DataFlow::Node $2_attr(string attr_name) {",
|
||||
" result = $2_attr(DataFlow::TypeTracker::end(), attr_name)",
|
||||
" }",
|
||||
" }",
|
||||
],
|
||||
"description": "Type tracking submodule",
|
||||
},
|
||||
|
||||
"Type tracking class": {
|
||||
"scope": "ql",
|
||||
"prefix": "type tracking class",
|
||||
"body": [
|
||||
" /**",
|
||||
" * Provides models for the `${1:module}.${2:classname}` class",
|
||||
" *",
|
||||
" * See ${6:apiref}.",
|
||||
" */",
|
||||
" module $2 {",
|
||||
" /** Gets a reference to the `$1.$2` class. */",
|
||||
" private DataFlow::Node classRef(DataFlow::TypeTracker t) {",
|
||||
" t.start() and",
|
||||
" result = ${4:module}_attr(\"$2\")",
|
||||
" or",
|
||||
" // TODO: remove/expand this part of the template as needed",
|
||||
" // Handle `${5:toplevel}.$2` alias",
|
||||
" t.start() and",
|
||||
" result = $5_attr(\"$2\")",
|
||||
" or",
|
||||
" exists(DataFlow::TypeTracker t2 | result = classRef(t2).track(t2, t))",
|
||||
" }",
|
||||
"",
|
||||
" /** Gets a reference to the `$1.$2` class. */",
|
||||
" DataFlow::Node classRef() { result = classRef(DataFlow::TypeTracker::end()) }",
|
||||
"",
|
||||
" /**",
|
||||
" * A source of instances of `$1.$2`, extend this class to model new instances.",
|
||||
" *",
|
||||
" * This can include instantiations of the class, return values from function",
|
||||
" * calls, or a special parameter that will be set when functions are called by an external",
|
||||
" * library.",
|
||||
" *",
|
||||
" * Use the predicate `$2::instance()` to get references to instances of `$1.$2`.",
|
||||
" */",
|
||||
" abstract class InstanceSource extends DataFlow::Node { }",
|
||||
"",
|
||||
" /** A direct instantiation of `$1.$2`. */",
|
||||
" private class ClassInstantiation extends InstanceSource, DataFlow::CfgNode {",
|
||||
" override CallNode node;",
|
||||
"",
|
||||
" ClassInstantiation() { node.getFunction() = classRef().asCfgNode() }",
|
||||
" }",
|
||||
"",
|
||||
" /** Gets a reference to an instance of `$1.$2`. */",
|
||||
" private DataFlow::Node instance(DataFlow::TypeTracker t) {",
|
||||
" t.start() and",
|
||||
" result instanceof InstanceSource",
|
||||
" or",
|
||||
" exists(DataFlow::TypeTracker t2 | result = instance(t2).track(t2, t))",
|
||||
" }",
|
||||
"",
|
||||
" /** Gets a reference to an instance of `$1.$2`. */",
|
||||
" DataFlow::Node instance() { result = instance(DataFlow::TypeTracker::end()) }",
|
||||
" }",
|
||||
],
|
||||
"description": "Type tracking class",
|
||||
},
|
||||
}
|
||||
|
||||
@@ -36,7 +36,7 @@
|
||||
example uses AES, which is a stronger modern algorithm.
|
||||
</p>
|
||||
|
||||
<sample src="examples/weak_crypto_algorithm.py" />
|
||||
<sample src="examples/broken_crypto.py" />
|
||||
|
||||
<p>
|
||||
WARNING: Although the second example above is more robust,
|
||||
@@ -180,7 +180,7 @@ private newtype TTypeTracker = MkTypeTracker(Boolean hasCall, OptionalAttributeN
|
||||
* It is recommended that all uses of this type are written in the following form,
|
||||
* for tracking some type `myType`:
|
||||
* ```
|
||||
* DataFlow::Node myType(DataFlow::TypeTracker t) {
|
||||
* DataFlow::LocalSourceNode myType(DataFlow::TypeTracker t) {
|
||||
* t.start() and
|
||||
* result = < source of myType >
|
||||
* or
|
||||
@@ -189,7 +189,7 @@ private newtype TTypeTracker = MkTypeTracker(Boolean hasCall, OptionalAttributeN
|
||||
* )
|
||||
* }
|
||||
*
|
||||
* DataFlow::Node myType() { result = myType(DataFlow::TypeTracker::end()) }
|
||||
* DataFlow::Node myType() { myType(DataFlow::TypeTracker::end()).flowsTo(result) }
|
||||
* ```
|
||||
*
|
||||
* Instead of `result = myType(t2).track(t2, t)`, you can also use the equivalent
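Review bot: The recommended form in this doc comment now returns `DataFlow::LocalSourceNode` from the tracker predicate and ends with `myType(DataFlow::TypeTracker::end()).flowsTo(result)`, but the comment never explains why, and the sentence after the example still only discusses `result = myType(t2).track(t2, t)`. Someone who keeps the older `result = myType(DataFlow::TypeTracker::end())` ending with the new return type would presumably get only the local source nodes and miss nodes reached by local flow, which in a security model shows up as silently missing sources or sinks rather than as an error. I would add one line after the example, for instance `* The final flowsTo(result) step extends the tracked local source nodes to every node they reach by local flow; do not omit it.` The `type tracking` snippet in python/.vscode/ql.code-snippets has the same shape and would benefit from the same hint. The doc comment starts and ends outside these two hunks.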
|
||||
|
||||
@@ -1 +0,0 @@
|
||||
Security/BadPractice/BindToAllInterfaces/BindToAllInterfaces.ql
|
||||
@@ -1 +0,0 @@
|
||||
Security/BadPractice/FlaskRunWithDebug/FlaskDebug.ql
|
||||
@@ -1 +0,0 @@
|
||||
semmle-extractor-options: --max-import-depth=2 -p ../../lib
|
||||
@@ -1 +0,0 @@
|
||||
Security/BadPractice/HTTPSRequestWithoutCertValidation/HTTPSRequestWithoutCertValidation.ql
|
||||
@@ -1 +0,0 @@
|
||||
semmle-extractor-options: -p ../../lib --max-import-depth=3
|
||||
@@ -1 +0,0 @@
|
||||
Security/BadPractice/HardcodedCredentials/HardcodedCredentials.ql
|
||||
@@ -1 +0,0 @@
|
||||
Security/BadPractice/IncompleteUrlSanitizer/IncompleteHostnameRegExp.ql
|
||||
@@ -1 +0,0 @@
|
||||
Security/BadPractice/IncompleteUrlSanitizer/IncompleteUrlSubstringSanitization.ql
|
||||
@@ -1 +0,0 @@
|
||||
Security/BadPractice/InsecureTemporaryFile/InsecureTemporaryFile.ql
|
||||
@@ -1 +0,0 @@
|
||||
semmle-extractor-options: -p ../../lib --max-import-depth=3
|
||||
@@ -1 +0,0 @@
|
||||
Security/BadPractice/Jinja2RenderWithoutEscape/Jinja2WithoutEscaping.ql
|
||||
@@ -1 +0,0 @@
|
||||
Security/BadPractice/SSHMissingHostKeyValidation/SSHMissingHostKeyValidation.ql
|
||||
@@ -1 +0,0 @@
|
||||
semmle-extractor-options: -p ../../lib --max-import-depth=3
|
||||
@@ -1 +0,0 @@
|
||||
Security/BadPractice/WeakFilePermissions/WeakFilePermissions.ql
|
||||
@@ -1 +0,0 @@
|
||||
semmle-extractor-options: --max-import-depth=2 -p ../../lib
|
||||
Some files were not shown because too many files have changed in this diff Show More