hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 05:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python taint-tracking: Avoid ambiguous flows through calls. Fix up tests.

Browse Source
This commit is contained in:
Mark Shannon
2019-08-14 15:44:25 +01:00
parent 78ce19678a
commit d31e55f88e
8 changed files with 88 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
python/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected
View File

@@ -1,9 +1,6 @@
edges
| test.py:33:15:33:36 | exception info | test.py:34:29:34:31 | exception info |
| test.py:34:29:34:31 | exception info | test.py:36:18:36:20 | exception info |
| test.py:36:18:36:20 | exception info | test.py:37:25:37:27 | exception info |
| test.py:37:12:37:27 | exception info | test.py:34:16:34:32 | exception info |
| test.py:37:25:37:27 | exception info | test.py:37:12:37:27 | exception info |
| test.py:34:29:34:31 | exception info | test.py:34:16:34:32 | exception info |
#select
| test.py:16:16:16:37 | Attribute() | test.py:16:16:16:37 | exception info | test.py:16:16:16:37 | exception info | $@ may be exposed to an external user | test.py:16:16:16:37 | Attribute() | Error information |
| test.py:34:16:34:32 | format_error() | test.py:33:15:33:36 | exception info | test.py:34:16:34:32 | exception info | $@ may be exposed to an external user | test.py:33:15:33:36 | Attribute() | Error information |

6
python/ql/test/query-tests/Security/CWE-327/TestNode.expected
View File

@@ -6,9 +6,3 @@ WARNING: Predicate getNode has been deprecated and may be removed in future (Tes
| Taint cryptography.encryptor.RC4 | test_cryptography.py:6:17:6:34 | test_cryptography.py:6 | test_cryptography.py:6:17:6:34 | Attribute() | |
| Taint cryptography.encryptor.RC4 | test_cryptography.py:7:12:7:20 | test_cryptography.py:7 | test_cryptography.py:7:12:7:20 | encryptor | |
| Taint cryptography.encryptor.RC4 | test_cryptography.py:7:42:7:50 | test_cryptography.py:7 | test_cryptography.py:7:42:7:50 | encryptor | |
| Taint sensitive.data | test_cryptography.py:4:17:4:28 | test_cryptography.py:4 | test_cryptography.py:4:17:4:28 | get_password | |
| Taint sensitive.data | test_cryptography.py:4:17:4:30 | test_cryptography.py:4 | test_cryptography.py:4:17:4:30 | get_password() | |
| Taint sensitive.data | test_cryptography.py:7:29:7:37 | test_cryptography.py:7 | test_cryptography.py:7:29:7:37 | dangerous | |
| Taint sensitive.data | test_pycrypto.py:4:17:4:28 | test_pycrypto.py:4 | test_pycrypto.py:4:17:4:28 | get_password | |
| Taint sensitive.data | test_pycrypto.py:4:17:4:30 | test_pycrypto.py:4 | test_pycrypto.py:4:17:4:30 | get_password() | |
| Taint sensitive.data | test_pycrypto.py:6:27:6:35 | test_pycrypto.py:6 | test_pycrypto.py:6:27:6:35 | dangerous | |

4
python/ql/test/query-tests/Security/CWE-601/UrlRedirect.expected
View File

@@ -1,7 +1,5 @@
edges
| test.py:7:22:7:33 | dict of externally controlled string | test.py:7:22:7:51 | externally controlled string |
| test.py:7:22:7:51 | externally controlled string | test.py:8:21:8:26 | externally controlled string |
| test.py:15:17:15:28 | dict of externally controlled string | test.py:15:17:15:42 | externally controlled string |
| test.py:15:17:15:42 | externally controlled string | test.py:17:13:17:21 | externally controlled string |
#select
| test.py:8:21:8:26 | flask.redirect | test.py:7:22:7:33 | dict of externally controlled string | test.py:8:21:8:26 | externally controlled string | Untrusted URL redirection due to $@. | test.py:7:22:7:33 | flask.request.args | a user-provided value |
| test.py:8:21:8:26 | target | test.py:7:22:7:33 | dict of externally controlled string | test.py:8:21:8:26 | externally controlled string | Untrusted URL redirection due to $@. | test.py:7:22:7:33 | Attribute | a user-provided value |