The current PAM auth bypass query which was contributed by me a few months back, alert on a vulenrable function but does not check if the function is actually function. This leads to a lot of fasle positives.
With this PR, I add a taint-tracking configuration to check if the username parameter can actually be supplied by an attacker.
This should bring the FP's significantly down.
This was causing issues with imports with many "dots" in the name.
Previously, the test added in this commit would not have the desired
result for the `check` call.
This was due to bad manual magic: restricting the attribute name makes
sense when we're talking about submodules of a package, but it doesn't
when we're talking about reexported modules.
Also (hopefully) fixes the tests so that the Python 3-specific bits are
ignored under Python 2.
Extends the tests to
1. Account parts of the test code that may be specific to Python 2 or 3,
2. Also track which arguments passed to `check` are references to
modules.
The latter revealed a bunch of spurious results, which I have annotated
accordingly.
I could have sworn I added all of them to the batch, but somehow these slipped through.
Co-authored-by: yoff <lerchedahl@gmail.com>
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
I ported the predicates showing difference between points-to and
type-tracking, since it's helpful to see the list of differences,
instead of having to parse expectations!
note how the test file is partially annotated
and those annotations can now be expressed
In this particular test file, absolute line numbers
might have been better than relative ones.
We might remove line numbers altogether,
but should check more querries to see how it looks.
I don't see the value from this, so just going to outright delete it.
(it actually stayed alive for quite some time in the original git history,
but never seemed to be that useful.)
The selected edges is covered by `NormalDataflowTest.ql` now... and
reading the test-output changes in `edges` is just going to make commits
larger while not providing any real value.
I initially created this as a dataflow test, but then realized it could
just be an ESSA test. I cound't find any existing ESSA tests though :|
so created a new dir for it.
