Python taint-tracking. Fix bug in legacy API.

Mark Shannon
2019-08-13 15:01:22 +01:00
parent 7c4a18eee3
commit fe9c9d479d
5 changed files with 59 additions and 177 deletions


@@ -318,7 +318,7 @@ class DictKind extends CollectionKind {
Implementation::copyCall(fromnode, tonode) and this = fromkind
or
tonode.(CallNode).getFunction().pointsTo(ObjectInternal::builtin("dict")) and
tonode.(CallNode).getArg(0) = fromnode
tonode.(CallNode).getArg(0) = fromnode and this = fromkind
or
dict_construct(fromnode, tonode) and this.getValue() = fromkind
}
@@ -430,11 +430,13 @@ abstract class TaintSource extends @py_flow_node {
final predicate flowsToSink(TaintKind srckind, TaintSink sink) {
exists(TaintedNode src, TaintedNode tsink |
src = this.getATaintNode() and
src.getTaintKind() = srckind and
src.getASuccessor*() = tsink and
this.isSourceOf(srckind, _) and
sink = tsink.getCfgNode() and
sink.sinks(tsink.getTaintKind()) and
tsink.getPath().noAttribute()
tsink.getPath().noAttribute() and
tsink.isSink()
)
}
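Review bot: flowsToSink has no QLDoc, and its contract is now subtle enough to need one: `srckind` is tied to the source node by `src.getTaintKind() = srckind`, while the sink is matched on `tsink.getTaintKind()`, which may be a different kind once flow steps have been applied. I would add `/** Holds if taint of kind srckind, starting at this source, reaches sink; the kind that arrives at sink may differ. */` above the predicate. The remaining `this.isSourceOf(srckind, _)` conjunct looks redundant if getATaintNode() only yields nodes for kinds this source produces; that definition is not visible here, so either drop the conjunct or add a comment saying why it stays. A regression test with a source that yields two kinds would pin the fix, since the old body appears to let a path be reported under a kind its source node never carried, which shows up as misattributed alerts in security queries built on this predicate.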