mirror of
https://github.com/github/codeql.git
synced 2025-12-24 12:46:34 +01:00
52 lines
1.8 KiB
Plaintext
52 lines
1.8 KiB
Plaintext
// /**
|
|
// * @kind path-problem
|
|
// */
|
|
import python
|
|
import semmle.python.dataflow.new.DataFlow
|
|
import semmle.python.dataflow.new.TaintTracking
|
|
import TestUtilities.InlineExpectationsTest
|
|
import semmle.python.dataflow.new.SensitiveDataSources
|
|
private import semmle.python.ApiGraphs
|
|
|
|
module SensitiveDataSourcesTest implements TestSig {
|
|
string getARelevantTag() { result in ["SensitiveDataSource", "SensitiveUse"] }
|
|
|
|
predicate hasActualResult(Location location, string element, string tag, string value) {
|
|
exists(location.getFile().getRelativePath()) and
|
|
exists(SensitiveDataSource source |
|
|
location = source.getLocation() and
|
|
element = source.toString() and
|
|
value = source.getClassification() and
|
|
tag = "SensitiveDataSource"
|
|
or
|
|
exists(DataFlow::Node use |
|
|
any(SensitiveUseConfiguration config).hasFlow(source, use) and
|
|
location = use.getLocation() and
|
|
element = use.toString() and
|
|
value = source.getClassification() and
|
|
tag = "SensitiveUse"
|
|
)
|
|
)
|
|
}
|
|
}
|
|
|
|
import MakeTest<SensitiveDataSourcesTest>
|
|
|
|
class SensitiveUseConfiguration extends TaintTracking::Configuration {
|
|
SensitiveUseConfiguration() { this = "SensitiveUseConfiguration" }
|
|
|
|
override predicate isSource(DataFlow::Node node) { node instanceof SensitiveDataSource }
|
|
|
|
override predicate isSink(DataFlow::Node node) {
|
|
node = API::builtin("print").getACall().getArg(_)
|
|
}
|
|
|
|
override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
|
|
sensitiveDataExtraStepForCalls(node1, node2)
|
|
}
|
|
}
|
|
// import DataFlow::PathGraph
|
|
// from SensitiveUseConfiguration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
|
|
// where cfg.hasFlowPath(source, sink)
|
|
// select sink, source, sink, "taint from $@", source.getNode(), "here"
|