hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 03:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7143 from RasmusWL/path-improvements

Browse Source 
Python: Model `posixpath` and `os.stat`
This commit is contained in:
yoff
2021-11-24 11:36:06 +01:00
committed by GitHub
parent a3b263ee6e a980f26fda
commit f9729bccef
4 changed files with 51 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
python/ql/lib/semmle/python/frameworks/Stdlib.qll
View File

@@ -254,7 +254,17 @@ private module StdlibPrivate {
/** Provides models for the `os` module. */
module os {
/** Gets a reference to the `os.path` module. */
API::Node path() { result = os().getMember("path") }
API::Node path() {
result = os().getMember("path")
or
// although the following modules should not be used directly, they certainly can.
// Each one doesn't expose the full `os.path` API, so this is an overapproximation
// that made implementation easy. See
// - https://github.com/python/cpython/blob/b567b9d74bd9e476a3027335873bb0508d6e450f/Lib/posixpath.py#L31-L38
// - https://github.com/python/cpython/blob/b567b9d74bd9e476a3027335873bb0508d6e450f/Lib/ntpath.py#L26-L32
// - https://github.com/python/cpython/blob/b567b9d74bd9e476a3027335873bb0508d6e450f/Lib/genericpath.py#L9-L11
result = API::moduleImport(["posixpath", "ntpath", "genericpath"])
}
/** Provides models for the `os.path` module */
module path {
@@ -263,6 +273,29 @@ private module StdlibPrivate {
}
}
/**
* The `os` module has multiple methods for getting the status of a file, like
* a stat() system call.
*
* Note: `os.fstat` and `os.fstatvfs` operate on file-descriptors.
*
* See:
* - https://docs.python.org/3.10/library/os.html#os.stat
* - https://docs.python.org/3.10/library/os.html#os.lstat
* - https://docs.python.org/3.10/library/os.html#os.statvfs
* - https://docs.python.org/3.10/library/os.html#os.fstat
* - https://docs.python.org/3.10/library/os.html#os.fstatvfs
*/
private class OsProbingCall extends FileSystemAccess::Range, DataFlow::CallCfgNode {
OsProbingCall() {
this = os().getMember(["stat", "lstat", "statvfs", "fstat", "fstatvfs"]).getACall()
}
override DataFlow::Node getAPathArgument() {
result in [this.getArg(0), this.getArgByName("path")]
}
}
/**
* The `os.path` module offers a number of methods for checking if a file exists and/or has certain
* properties, leading to a file system access.