Python: Model file threat-model

2026-04-23 15:55:18 +02:00 · 2024-08-12 15:18:18 +02:00
parent 66f389a4b6
commit d245db54a1
4 changed files with 31 additions and 12 deletions
--- a/python/ql/lib/semmle/python/frameworks/Stdlib.model.yml
+++ b/python/ql/lib/semmle/python/frameworks/Stdlib.model.yml
@@ -17,6 +17,8 @@ extensions:

      # if no argument is given, the default is to use sys.argv[1:]
      - ['argparse.ArgumentParser', 'Member[parse_args,parse_known_args].WithArity[0].ReturnValue', 'commandargs']
+
+      - ['os', 'Member[read].ReturnValue', 'file']
  - addsTo:
      pack: codeql/python-all
      extensible: summaryModel
--- a/python/ql/lib/semmle/python/frameworks/Stdlib.qll
+++ b/python/ql/lib/semmle/python/frameworks/Stdlib.qll
@@ -1499,13 +1499,17 @@ module StdlibPrivate {
   * See https://docs.python.org/3/library/functions.html#open
   */
  private class OpenCall extends FileSystemAccess::Range, Stdlib::FileLikeObject::InstanceSource,
-    DataFlow::CallCfgNode
+    ThreatModelSource::Range, DataFlow::CallCfgNode
  {
    OpenCall() { this = getOpenFunctionRef().getACall() }

    override DataFlow::Node getAPathArgument() {
      result in [this.getArg(0), this.getArgByName("file")]
    }
+
+    override string getThreatModel() { result = "file" }
+
+    override string getSourceType() { result = "open()" }
  }

  /**