python: Flow summaries based on type tracking

Two classes have been inserted into the hierarchies:

- `NonLibraryDataFlowCallable` with a method `getACall2`.
This method implements "get a call, not considering flow summaries".
For `NonLibraryDataFlowCallable`s, `getACall` will defer to `getACall2`.
While you could have a synthesised call to such a callable,
it would not correspond to a `CallNode`.

- `NonLibraryDataFlowSourceCall` with methods
`getArg2` and `getCallable2`. These also refer to a call graph that
does not consider flow summaries.

`getArg2` is used to synthesise pre-update nodes for arguments.

`getCallable2` is used in `connects` to compute argument passing.
This is used to define data flow nodes for overflow arguments.

`getACall2` ensures that `LibraryCallableValue::getACall` is not called
when the charpred of `FunctionCall` is evaluated.
yoff
2022-04-20 09:12:33 +00:00
committed by GitHub
parent 506efcf051
commit f14ee0e794
7 changed files with 69 additions and 44 deletions


@@ -50,7 +50,7 @@ deprecated class SafeExternalAPI = SafeExternalApi;
/** The default set of "safe" external APIs. */
private class DefaultSafeExternalApi extends SafeExternalApi {
override DataFlowPrivate::DataFlowCallable getSafeCallable() {
override DataFlowPrivate::NonLibraryDataFlowCallable getSafeCallable() {
exists(CallableValue cv | cv = result.getCallableValue() |
cv = Value::named(["len", "isinstance", "getattr", "hasattr"])
or
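Review bot: the narrowed result type on the `getSafeCallable()` override needs a matching change, and a QLDoc sentence, on the declaration it overrides in `SafeExternalApi`, which is not visible in this hunk. Going by the commit message, `NonLibraryDataFlowCallable` covers only callables resolved without flow summaries, so after this change a summarised library callable cannot be returned from `getSafeCallable()` at all. Anyone extending `SafeExternalApi`, including through the deprecated `SafeExternalAPI` alias shown in the hunk header, should be able to read that restriction in the doc comment rather than discover it from a type error or from a "safe" entry that silently stops matching.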
@@ -66,7 +66,7 @@ private class DefaultSafeExternalApi extends SafeExternalApi {
/** A node representing data being passed to an external API through a call. */
class ExternalApiDataNode extends DataFlow::Node {
DataFlowPrivate::DataFlowSourceCall call;
DataFlowPrivate::DataFlowCallable callable;
DataFlowPrivate::NonLibraryDataFlowCallable callable;
int i;
ExternalApiDataNode() {
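Review bot: in `ExternalApiDataNode` the `callable` field is narrowed to `NonLibraryDataFlowCallable` while the `call` field on the line above stays `DataFlowSourceCall`, and the commit message introduces `NonLibraryDataFlowSourceCall` for exactly the "no flow summaries" call graph. Either narrow `call` as well so both fields refer to the same call graph, or add a comment saying why the mixed pair is intended. The QLDoc ("data being passed to an external API through a call") should also state that calls resolved only through a flow summary are out of scope, since that changes which arguments this untrusted-data query can report.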
@@ -152,7 +152,7 @@ class ExternalApiUsedWithUntrustedData extends TExternalApi {
/** Gets a textual representation of this element. */
string toString() {
exists(
DataFlowPrivate::DataFlowCallable callable, int index, string callableString,
DataFlowPrivate::NonLibraryDataFlowCallable callable, int index, string callableString,
string indexString
|
this = TExternalApiParameter(callable, index) and
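Review bot: the narrowed type of `callable` in the `exists` of `toString()` now acts as a filter on `this = TExternalApiParameter(callable, index)`. If the `TExternalApiParameter` branch (not shown here) can still be built from a plain `DataFlowCallable`, any element holding a library callable will have no `toString()` result, which tends to surface as rows missing from query output rather than as an error. Please confirm the newtype branch is narrowed to `NonLibraryDataFlowCallable` in the same commit so the two stay in step.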