hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 12:45:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Treat os.exec*, os.spawn*, and os.posix_spawn* as FileSystemAccess

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2021-11-29 11:52:49 +01:00
parent d2d5cce787
commit e79b8f3e23
2 changed files with 38 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
python/ql/lib/semmle/python/frameworks/Stdlib.qll
View File

@@ -467,7 +467,8 @@ private module StdlibPrivate {
* A call to any of the `os.exec*` functions
* See https://docs.python.org/3.8/library/os.html#os.execl
*/
private class OsExecCall extends SystemCommandExecution::Range, DataFlow::CallCfgNode {
private class OsExecCall extends SystemCommandExecution::Range, FileSystemAccess::Range,
DataFlow::CallCfgNode {
OsExecCall() {
exists(string name |
name in ["execl", "execle", "execlp", "execlpe", "execv", "execve", "execvp", "execvpe"] and
@@ -476,13 +477,16 @@ private module StdlibPrivate {
}
override DataFlow::Node getCommand() { result = this.getArg(0) }
override DataFlow::Node getAPathArgument() { result = this.getCommand() }
}
/**
* A call to any of the `os.spawn*` functions
* See https://docs.python.org/3.8/library/os.html#os.spawnl
*/
private class OsSpawnCall extends SystemCommandExecution::Range, DataFlow::CallCfgNode {
private class OsSpawnCall extends SystemCommandExecution::Range, FileSystemAccess::Range,
DataFlow::CallCfgNode {
OsSpawnCall() {
exists(string name |
name in [
@@ -499,16 +503,21 @@ private module StdlibPrivate {
// over-approximation is not hurting anyone, and is easy to implement.
result = this.getArgByName("file")
}
override DataFlow::Node getAPathArgument() { result = this.getCommand() }
}
/**
* A call to any of the `os.posix_spawn*` functions
* See https://docs.python.org/3.8/library/os.html#os.posix_spawn
*/
private class OsPosixSpawnCall extends SystemCommandExecution::Range, DataFlow::CallCfgNode {
private class OsPosixSpawnCall extends SystemCommandExecution::Range, FileSystemAccess::Range,
DataFlow::CallCfgNode {
OsPosixSpawnCall() { this = os().getMember(["posix_spawn", "posix_spawnp"]).getACall() }
override DataFlow::Node getCommand() { result in [this.getArg(0), this.getArgByName("path")] }
override DataFlow::Node getAPathArgument() { result = this.getCommand() }
}
/** An additional taint step for calls to `os.path.join` */