hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-12 05:01:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
2bd4ccee45d1935ca615735f190ddc5b311dc6f4
codeql/python/ql/lib/semmle/python/security/dataflow/UnsafeDeserializationCustomizations.qll
yoff 3dbfb9fa4b python: add machinery for MaD barriers 
and reinstate previously removed barrier
now as a MaD row
2026-01-22 17:30:24 +01:00

69 lines
2.1 KiB
Plaintext
Raw Blame History

/**
* Provides default sources, sinks and sanitizers for detecting
* "code execution from deserialization"
* vulnerabilities, as well as extension points for adding your own.
*/
private import python
private import semmle.python.dataflow.new.DataFlow
private import semmle.python.Concepts
private import semmle.python.dataflow.new.RemoteFlowSources
private import semmle.python.dataflow.new.BarrierGuards
private import semmle.python.frameworks.data.ModelsAsData
/**
* Provides default sources, sinks and sanitizers for detecting
* "code execution from deserialization"
* vulnerabilities, as well as extension points for adding your own.
*/
module UnsafeDeserialization {
/**
* A data flow source for "code execution from deserialization" vulnerabilities.
*/
abstract class Source extends DataFlow::Node { }
/**
* A data flow sink for "code execution from deserialization" vulnerabilities.
*/
abstract class Sink extends DataFlow::Node { }
/**
* A sanitizer for "code execution from deserialization" vulnerabilities.
*/
abstract class Sanitizer extends DataFlow::Node { }
/**
* DEPRECATED: Use `ActiveThreatModelSource` from Concepts instead!
*/
deprecated class RemoteFlowSourceAsSource = ActiveThreatModelSourceAsSource;
/**
* An active threat-model source, considered as a flow source.
*/
private class ActiveThreatModelSourceAsSource extends Source, ActiveThreatModelSource { }
/**
* An insecure decoding, considered as a flow sink.
*/
class InsecureDecodingAsSink extends Sink {
InsecureDecodingAsSink() {
exists(Decoding d |
d.mayExecuteInput() and
this = d.getAnInput()
)
}
}
private class SinkFromModel extends Sink {
SinkFromModel() { ModelOutput::sinkNode(this, "unsafe-deserialization") }
}
/**
* A comparison with a constant, considered as a sanitizer-guard.
*/
class ConstCompareAsSanitizerGuard extends Sanitizer, ConstCompareBarrier { }
/** DEPRECATED: Use ConstCompareAsSanitizerGuard instead. */
deprecated class StringConstCompareAsSanitizerGuard = ConstCompareAsSanitizerGuard;
}
Reference in New Issue View Git Blame Copy Permalink