codeql/python/ql/test/query-tests/Security/CWE-094-CodeInjection/CodeInjection.expected
yoff 1bcaa56b10 Python: rebless second round after shared-CFG dataflow migration
Second batch of test reblessings, capturing changes in result content
(not just toString labels):

- Framework taint/concept tests (fastapi, sqlalchemy, aiohttp, lxml,
  stdlib, django-orm): mostly gained MISSING-tainted annotations where
  the new dataflow no longer reaches sinks. Some are real taint
  regressions; left as documented failures for follow-up.

- Exception-handler tests (CWE-209-StackTraceExposure, EmptyExcept,
  CatchingBaseException, IncorrectExceptOrder, FileNotAlwaysClosed,
  FindSubclass/Find, Statements/exit/UseOfExit): the no-raise shared CFG
  abstraction does not emit ExceptionSuccessor abrupt-completion edges
  from arbitrary expressions, so except-handler bodies (and their
  exception target Names) are statically dead. Tracked separately under
  cfg-modelling-exceptions.

- Dataflow-path / control-flow node toString polish across the security
  query suite (PathInjection, CodeInjection, UnsafeUnpacking,
  UnsafeUsageOfClientSideEncryptionVersion, RequestWithoutValidation,
  ReflectedXss, CallGraph): simple-leaf nodes now stringify as their
  AST text instead of 'After X'.

- SSA / call-graph improvements (CmpTest, CallGraph/InlineCallGraphTest):
  fewer SSA mismatches between new and old; two previously-MISSING tt=
  annotations resolved.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-05-28 21:09:49 +00:00

#select
| code_injection.py:7:10:7:13 | code | code_injection.py:1:26:1:32 | After ImportMember | code_injection.py:7:10:7:13 | code | This code execution depends on a $@. | code_injection.py:1:26:1:32 | After ImportMember | user-provided value |
| code_injection.py:8:10:8:13 | code | code_injection.py:1:26:1:32 | After ImportMember | code_injection.py:8:10:8:13 | code | This code execution depends on a $@. | code_injection.py:1:26:1:32 | After ImportMember | user-provided value |
| code_injection.py:10:10:10:12 | cmd | code_injection.py:1:26:1:32 | After ImportMember | code_injection.py:10:10:10:12 | cmd | This code execution depends on a $@. | code_injection.py:1:26:1:32 | After ImportMember | user-provided value |
| code_injection.py:21:20:21:27 | obj_name | code_injection.py:1:26:1:32 | After ImportMember | code_injection.py:21:20:21:27 | obj_name | This code execution depends on a $@. | code_injection.py:1:26:1:32 | After ImportMember | user-provided value |
edges
| code_injection.py:1:26:1:32 | After ImportMember | code_injection.py:1:26:1:32 | request | provenance | |
| code_injection.py:1:26:1:32 | request | code_injection.py:6:12:6:18 | request | provenance | |
| code_injection.py:1:26:1:32 | request | code_injection.py:18:16:18:22 | request | provenance | |
| code_injection.py:6:5:6:8 | code | code_injection.py:7:10:7:13 | code | provenance | |
| code_injection.py:6:5:6:8 | code | code_injection.py:8:10:8:13 | code | provenance | |
| code_injection.py:6:5:6:8 | code | code_injection.py:9:5:9:7 | cmd | provenance | AdditionalTaintStep |
| code_injection.py:6:12:6:18 | request | code_injection.py:6:12:6:23 | After Attribute | provenance | AdditionalTaintStep |
| code_injection.py:6:12:6:23 | After Attribute | code_injection.py:6:12:6:35 | After Attribute() | provenance | dict.get |
| code_injection.py:6:12:6:35 | After Attribute() | code_injection.py:6:5:6:8 | code | provenance | |
| code_injection.py:9:5:9:7 | cmd | code_injection.py:10:10:10:12 | cmd | provenance | |
| code_injection.py:18:5:18:12 | obj_name | code_injection.py:21:20:21:27 | obj_name | provenance | |
| code_injection.py:18:16:18:22 | request | code_injection.py:18:16:18:27 | After Attribute | provenance | AdditionalTaintStep |
| code_injection.py:18:16:18:27 | After Attribute | code_injection.py:18:16:18:38 | After Attribute() | provenance | dict.get |
| code_injection.py:18:16:18:38 | After Attribute() | code_injection.py:18:5:18:12 | obj_name | provenance | |
nodes
| code_injection.py:1:26:1:32 | After ImportMember | semmle.label | After ImportMember |
| code_injection.py:1:26:1:32 | request | semmle.label | request |
| code_injection.py:6:5:6:8 | code | semmle.label | code |
| code_injection.py:6:12:6:18 | request | semmle.label | request |
| code_injection.py:6:12:6:23 | After Attribute | semmle.label | After Attribute |
| code_injection.py:6:12:6:35 | After Attribute() | semmle.label | After Attribute() |
| code_injection.py:7:10:7:13 | code | semmle.label | code |
| code_injection.py:8:10:8:13 | code | semmle.label | code |
| code_injection.py:9:5:9:7 | cmd | semmle.label | cmd |
| code_injection.py:10:10:10:12 | cmd | semmle.label | cmd |
| code_injection.py:18:5:18:12 | obj_name | semmle.label | obj_name |
| code_injection.py:18:16:18:22 | request | semmle.label | request |
| code_injection.py:18:16:18:27 | After Attribute | semmle.label | After Attribute |
| code_injection.py:18:16:18:38 | After Attribute() | semmle.label | After Attribute() |
| code_injection.py:21:20:21:27 | obj_name | semmle.label | obj_name |
subpaths