Python: Add additional taint steps for copy

deepcopy was already handled somehow, don't really know how :D
Rasmus Wriedt Larsen
2020-08-26 19:31:11 +02:00
parent b974dadca1
commit e2a89aa296
2 changed files with 19 additions and 1 deletions


@@ -34,6 +34,8 @@ predicate localAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeT
jsonStep(nodeFrom, nodeTo)
or
containerStep(nodeFrom, nodeTo)
or
copyStep(nodeFrom, nodeTo)
}
/**
@@ -172,3 +174,19 @@ predicate containerStep(DataFlow::CfgNode nodeFrom, DataFlow::CfgNode nodeTo) {
call.getFunction().(AttrNode).getObject(name) = nodeFrom.getNode()
)
}
/**
* Holds if taint can flow from `nodeFrom` to `nodeTo` with a step related to copying.
*/
predicate copyStep(DataFlow::CfgNode nodeFrom, DataFlow::CfgNode nodeTo) {
exists(CallNode call | call = nodeTo.getNode() |
// Fully qualified: copy.copy, copy.deepcopy
(
call.getFunction().(NameNode).getId() in ["copy", "deepcopy"]
or
call.getFunction().(AttrNode).getObject("copy").(NameNode).getId() in ["copy", "deepcopy"]
) and
call.getArg(0) = nodeFrom.getNode()
)
}
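Review bot: The attribute branch of `copyStep` looks inverted: judging by how `getObject(name)` is used in `containerStep` just above, its argument is the attribute name and its result is the object, so `getObject("copy").(NameNode).getId() in ["copy", "deepcopy"]` matches `copy.copy(x)` and `deepcopy.copy(x)` but not `copy.deepcopy(x)`, which the comment lists. That would leave a taint-tracking gap for fully qualified `copy.deepcopy` calls unless another step covers them, which the commit message hints at but does not explain. I would write the branch as `exists(string attr | attr in ["copy", "deepcopy"] | call.getFunction().(AttrNode).getObject(attr).(NameNode).getId() = "copy")`. Both branches also match on bare names without resolving the import, so an unrelated function named `copy` propagates taint while `import copy as c` is missed. A comment such as `// name-based match: does not resolve imports or aliases` would state that limit, and the existing "Fully qualified" comment should note that the first branch covers `from copy import copy, deepcopy`.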