hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Copying the response data to the archive

Browse Source
This commit is contained in:
ALJI Mohamed
2022-12-10 08:15:42 +01:00
parent 545aab0e07
commit eff132512c
1 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
python/ql/src/experimental/Security/CWE-022bis/UnsafeUnpack.ql
View File

@@ -53,6 +53,15 @@ class UnsafeUnpackingConfig extends TaintTracking::Configuration {
nodeTo = is.(CallCfgNode).getArg(0)
)
or
// Copying the response data to the archive
exists(Stdlib::FileLikeObject::InstanceSource is, Node f, MethodCallNode mc |
is.flowsTo(f) and
mc = API::moduleImport("shutil").getMember("copyfileobj").getACall() and
f = mc.getArg(1) and
nodeFrom = mc.getArg(0) and
nodeTo = is.(CallCfgNode).getArg(0)
)
or
// Reading the response
exists(MethodCallNode mc |
nodeFrom = mc.getObject() and
@@ -60,8 +69,8 @@ class UnsafeUnpackingConfig extends TaintTracking::Configuration {
mc.flowsTo(nodeTo)
)
or
// Accessing the name
exists(AttrRead ar | ar.accesses(nodeFrom, "name") and nodeTo = ar)
// Accessing the name or raw content
exists(AttrRead ar | ar.accesses(nodeFrom, ["name","raw"]) and nodeTo = ar)
or
// Considering the use of closing()
exists(API::Node closing |