mirror of
https://github.com/github/codeql.git
synced 2026-02-21 09:23:40 +01:00
cf57afd102
The example code is just copied from command injection tests, that is not too important. The important part is that `jumpStep` says there is flow from the import of `os` to `app.route()` :O
37 lines
1.1 KiB
Plaintext
37 lines
1.1 KiB
Plaintext
import python
|
|
import experimental.dataflow.DataFlow
|
|
|
|
/** Gets the EssaNode that holds the module imported by the fully qualified module name `name` */
|
|
DataFlow::EssaNode module_import(string name) {
|
|
exists(Variable var, Import imp, Alias alias |
|
|
alias = imp.getAName() and
|
|
alias.getAsname() = var.getAStore() and
|
|
(
|
|
name = alias.getValue().(ImportMember).getImportedModuleName()
|
|
or
|
|
name = alias.getValue().(ImportExpr).getImportedModuleName()
|
|
) and
|
|
result.getVar().(AssignmentDefinition).getSourceVariable() = var
|
|
)
|
|
}
|
|
|
|
query predicate os_import(DataFlow::Node node) {
|
|
node = module_import("os") and
|
|
exists(node.getLocation().getFile().getRelativePath())
|
|
}
|
|
|
|
query predicate flowstep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
|
|
os_import(nodeFrom) and
|
|
DataFlow::localFlowStep(nodeFrom, nodeTo)
|
|
}
|
|
|
|
query predicate jumpStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
|
|
os_import(nodeFrom) and
|
|
DataFlow::jumpStep(nodeFrom, nodeTo)
|
|
}
|
|
|
|
query predicate essaFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
|
|
os_import(nodeFrom) and
|
|
DataFlow::EssaFlow::essaFlowStep(nodeFrom, nodeTo)
|
|
}
|