Python taint-tracking. Add an adapter for old 'dataflow config'.

2026-04-30 03:05:15 +02:00 · 2019-08-29 14:30:09 +01:00
parent 179f4ee88f
commit e51b797c03
3 changed files with 90 additions and 0 deletions
--- a/python/ql/src/semmle/python/security/TaintTracking.qll
+++ b/python/ql/src/semmle/python/security/TaintTracking.qll
@@ -705,6 +705,24 @@ module DataFlow {

    }

+    private class ConfigurationAdapter extends TaintTracking::Configuration {
+
+        ConfigurationAdapter() {
+            this instanceof Configuration
+        }
+
+        override predicate isSource(DataFlow::Node node, TaintKind kind) {
+            this.(Configuration).isSource(node.asCfgNode()) and
+            kind instanceof DataFlowType
+        }
+
+        override predicate isSink(DataFlow::Node node, TaintKind kind) {
+            this.(Configuration).isSink(node.asCfgNode()) and
+            kind instanceof DataFlowType
+        }
+
+    }
+
    private newtype TDataFlowNode =
        TEssaNode(EssaVariable var)
        or
--- a/python/ql/test/library-tests/taint/dataflow/Dataflow.expected
+++ b/python/ql/test/library-tests/taint/dataflow/Dataflow.expected
@@ -0,0 +1,14 @@
+| test.py:3:10:3:15 | ControlFlowNode for SOURCE | test.py:3:10:3:15 | ControlFlowNode for SOURCE |
+| test.py:6:9:6:14 | ControlFlowNode for SOURCE | test.py:7:10:7:10 | ControlFlowNode for s |
+| test.py:10:12:10:17 | ControlFlowNode for SOURCE | test.py:13:10:13:12 | ControlFlowNode for arg |
+| test.py:10:12:10:17 | ControlFlowNode for SOURCE | test.py:17:10:17:10 | ControlFlowNode for t |
+| test.py:20:9:20:14 | ControlFlowNode for SOURCE | test.py:13:10:13:12 | ControlFlowNode for arg |
+| test.py:37:13:37:18 | ControlFlowNode for SOURCE | test.py:41:14:41:14 | ControlFlowNode for t |
+| test.py:62:13:62:18 | ControlFlowNode for SOURCE | test.py:13:10:13:12 | ControlFlowNode for arg |
+| test.py:67:13:67:18 | ControlFlowNode for SOURCE | test.py:13:10:13:12 | ControlFlowNode for arg |
+| test.py:76:9:76:14 | ControlFlowNode for SOURCE | test.py:78:10:78:10 | ControlFlowNode for t |
+| test.py:108:13:108:18 | ControlFlowNode for SOURCE | test.py:112:14:112:14 | ControlFlowNode for t |
+| test.py:139:10:139:15 | ControlFlowNode for SOURCE | test.py:140:14:140:14 | ControlFlowNode for t |
+| test.py:143:9:143:14 | ControlFlowNode for SOURCE | test.py:145:10:145:10 | ControlFlowNode for s |
+| test.py:158:9:158:14 | ControlFlowNode for SOURCE | test.py:160:14:160:14 | ControlFlowNode for t |
+| test.py:158:9:158:14 | ControlFlowNode for SOURCE | test.py:166:14:166:14 | ControlFlowNode for t |
--- a/python/ql/test/library-tests/taint/dataflow/TestNode.expected
+++ b/python/ql/test/library-tests/taint/dataflow/TestNode.expected
@@ -1 +1,59 @@
 WARNING: Predicate getNode has been deprecated and may be removed in future (TestNode.ql:5,77-84)
+| Taint Data flow | test.py:3 | SOURCE |  |
+| Taint Data flow | test.py:6 | SOURCE |  |
+| Taint Data flow | test.py:7 | s |  |
+| Taint Data flow | test.py:10 | SOURCE |  |
+| Taint Data flow | test.py:12 | arg | p0 = Data flow |
+| Taint Data flow | test.py:13 | arg | p0 = Data flow |
+| Taint Data flow | test.py:16 | source() |  |
+| Taint Data flow | test.py:17 | t |  |
+| Taint Data flow | test.py:20 | SOURCE |  |
+| Taint Data flow | test.py:21 | t |  |
+| Taint Data flow | test.py:24 | source() |  |
+| Taint Data flow | test.py:25 | t |  |
+| Taint Data flow | test.py:31 | SOURCE |  |
+| Taint Data flow | test.py:37 | SOURCE |  |
+| Taint Data flow | test.py:41 | t |  |
+| Taint Data flow | test.py:44 | source() |  |
+| Taint Data flow | test.py:46 | arg | p0 = Data flow |
+| Taint Data flow | test.py:47 | arg | p0 = Data flow |
+| Taint Data flow | test.py:49 | arg | p1 = Data flow |
+| Taint Data flow | test.py:51 | arg | p1 = Data flow |
+| Taint Data flow | test.py:54 | source2() |  |
+| Taint Data flow | test.py:55 | t |  |
+| Taint Data flow | test.py:62 | SOURCE |  |
+| Taint Data flow | test.py:63 | t |  |
+| Taint Data flow | test.py:67 | SOURCE |  |
+| Taint Data flow | test.py:70 | t |  |
+| Taint Data flow | test.py:72 | arg | p0 = Data flow |
+| Taint Data flow | test.py:73 | arg | p0 = Data flow |
+| Taint Data flow | test.py:76 | SOURCE |  |
+| Taint Data flow | test.py:77 | hub() |  |
+| Taint Data flow | test.py:77 | t |  |
+| Taint Data flow | test.py:78 | t |  |
+| Taint Data flow | test.py:108 | SOURCE |  |
+| Taint Data flow | test.py:112 | t |  |
+| Taint Data flow | test.py:118 | SOURCE |  |
+| Taint Data flow | test.py:120 | t |  |
+| Taint Data flow | test.py:128 | SOURCE |  |
+| Taint Data flow | test.py:129 | t |  |
+| Taint Data flow | test.py:139 | SOURCE |  |
+| Taint Data flow | test.py:140 | t |  |
+| Taint Data flow | test.py:143 | SOURCE |  |
+| Taint Data flow | test.py:144 | s |  |
+| Taint Data flow | test.py:145 | s |  |
+| Taint Data flow | test.py:148 | SOURCE |  |
+| Taint Data flow | test.py:149 | SOURCE |  |
+| Taint Data flow | test.py:158 | SOURCE |  |
+| Taint Data flow | test.py:159 | t |  |
+| Taint Data flow | test.py:160 | t |  |
+| Taint Data flow | test.py:163 | t |  |
+| Taint Data flow | test.py:166 | t |  |
+| Taint [Data flow] | test.py:148 | List |  |
+| Taint [Data flow] | test.py:150 | l |  |
+| Taint [Data flow] | test.py:154 | l |  |
+| Taint [Data flow] | test.py:154 | list() |  |
+| Taint {Data flow} | test.py:149 | Dict |  |
+| Taint {Data flow} | test.py:151 | d |  |
+| Taint {Data flow} | test.py:155 | d |  |
+| Taint {Data flow} | test.py:155 | dict() |  |