hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-01 00:27:24 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
2983295ba35225fc3261c65e12db70f63aa3f825
codeql/python/ql/lib/semmle/python/frameworks/Jmespath.qll
Andrew Eisenberg 3660c64328 Packaging: Rafactor Python core libraries 
Extract the external facing `qll` files into the codeql/python-all
query pack.
2021-08-24 13:23:45 -07:00

36 lines
1.1 KiB
Plaintext
Raw Blame History

/**
* Provides classes modeling security-relevant aspects of the `jmespath` PyPI package.
* See https://pypi.org/project/jmespath/.
*/
private import python
private import semmle.python.dataflow.new.DataFlow
private import semmle.python.dataflow.new.TaintTracking
private import semmle.python.Concepts
private import semmle.python.ApiGraphs
/**
* Provides models for the `jmespath` PyPI package.
* See https://pypi.org/project/jmespath/.
*/
private module Jmespath {
class JmespathAdditionalTaintSteps extends TaintTracking::AdditionalTaintStep {
override predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
exists(DataFlow::CallCfgNode call |
call = API::moduleImport("jmespath").getMember("search").getACall() and
nodeFrom in [call.getArg(1), call.getArgByName("data")] and
nodeTo = call
or
call =
API::moduleImport("jmespath")
.getMember("compile")
.getReturn()
.getMember("search")
.getACall() and
nodeFrom in [call.getArg(0), call.getArgByName("value")] and
nodeTo = call
)
}
}
}
Reference in New Issue View Git Blame Copy Permalink