Will need subsequent PRs fixing up test failures (due to deprecated methods moving around), but other than that everything should be straight-forward.
import python
import semmle.python.dataflow.TaintTracking
import semmle.python.security.strings.Untrusted
import semmle.python.security.Exceptions
/**
 * A taint source selected purely by identifier: every `NameNode` whose id is
 * `TAINTED_STRING` is a source.
 *
 * The match is on a marker name rather than on an API that actually yields
 * untrusted data, so this class only produces results for code that uses that
 * exact identifier (presumably fixture code written for the taint library;
 * confirm against the accompanying test files).
 */
class SimpleSource extends TaintSource {
  SimpleSource() {
    exists(NameNode marker |
      marker = this and
      marker.getId() = "TAINTED_STRING"
    )
  }

  /** Holds only when `kind` is an `ExternalStringKind`; no other kind originates here. */
  override predicate isSourceOf(TaintKind kind) {
    exists(ExternalStringKind stringKind | stringKind = kind)
  }

  /** Gets the fixed label `"taint source"` for this source. */
  override string toString() { result = "taint source" }
}
/**
 * A taint source selected purely by identifier: every `NameNode` whose id is
 * `TAINTED_LIST` is a source.
 *
 * The source carries `ExternalStringSequenceKind`, so it is the collection kind
 * that is tainted here, not a plain string kind.
 */
class ListSource extends TaintSource {
  ListSource() {
    exists(NameNode marker |
      marker = this and
      marker.getId() = "TAINTED_LIST"
    )
  }

  /** Holds only when `kind` is an `ExternalStringSequenceKind`. */
  override predicate isSourceOf(TaintKind kind) {
    exists(ExternalStringSequenceKind sequenceKind | sequenceKind = kind)
  }

  /** Gets the fixed label `"list taint source"` for this source. */
  override string toString() { result = "list taint source" }
}
/**
 * A taint source selected purely by identifier: every `NameNode` whose id is
 * `TAINTED_DICT` is a source.
 *
 * The source carries `ExternalStringDictKind`, so it is the dictionary kind
 * that is tainted here, not a plain string kind.
 */
class DictSource extends TaintSource {
  DictSource() {
    exists(NameNode marker |
      marker = this and
      marker.getId() = "TAINTED_DICT"
    )
  }

  /** Holds only when `kind` is an `ExternalStringDictKind`. */
  override predicate isSourceOf(TaintKind kind) {
    exists(ExternalStringDictKind dictKind | dictKind = kind)
  }

  /** Gets the fixed label `"dict taint source"` for this source. */
  override string toString() { result = "dict taint source" }
}
/**
 * A taint source selected purely by identifier: every `NameNode` whose id is
 * `TAINTED_EXCEPTION_INFO` is a source.
 *
 * The source carries the `ExceptionInfo` kind. That name is not declared in
 * this file; it presumably comes from the imported
 * `semmle.python.security.Exceptions` module (confirm).
 */
class ExceptionInfoSource extends TaintSource {
  ExceptionInfoSource() {
    exists(NameNode marker |
      marker = this and
      marker.getId() = "TAINTED_EXCEPTION_INFO"
    )
  }

  /** Holds only when `kind` is an `ExceptionInfo`. */
  override predicate isSourceOf(TaintKind kind) {
    exists(ExceptionInfo exceptionKind | exceptionKind = kind)
  }

  /** Gets the fixed label `"Exception info source"` for this source. */
  override string toString() { result = "Exception info source" }
}
/**
 * A taint source selected purely by identifier: every `NameNode` whose id is
 * `TAINTED_FILE` is a source.
 *
 * The source carries the `ExternalFileObject` kind, so the tainted value is
 * modelled as a file object rather than as a string.
 */
class ExternalFileObjectSource extends TaintSource {
  ExternalFileObjectSource() {
    exists(NameNode marker |
      marker = this and
      marker.getId() = "TAINTED_FILE"
    )
  }

  /** Holds only when `kind` is an `ExternalFileObject`. */
  override predicate isSourceOf(TaintKind kind) {
    exists(ExternalFileObject fileKind | fileKind = kind)
  }

  /** Gets the fixed label `"Tainted file source"` for this source. */
  override string toString() { result = "Tainted file source" }
}