hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-24 00:16:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
63a09fccdd6764fb5f0fd8b8cdbaae5ddf443bca
codeql/python/ql/test/experimental/dataflow/tainttracking/customSanitizer/TestTaint.ql
Rasmus Wriedt Larsen a82936c904 Python: Enable test for sanitizer-guard and logic expressions 
`not` is not working properly, but otherwise pretty good
2020-11-20 10:06:25 +01:00

36 lines
1.2 KiB
Plaintext
Raw Blame History

import experimental.dataflow.tainttracking.TestTaintLib
class IsSafeCheck extends DataFlow::BarrierGuard {
IsSafeCheck() {
this.(CallNode).getNode().getFunc().(Name).getId() in ["is_safe", "emulated_is_safe"]
}
override predicate checks(ControlFlowNode node, boolean branch) {
node = this.(CallNode).getAnArg() and
branch = true
}
}
class CustomSanitizerOverrides extends TestTaintTrackingConfiguration {
override predicate isSanitizer(DataFlow::Node node) {
exists(Call call |
call.getFunc().(Name).getId() = "emulated_authentication_check" and
call.getArg(0) = node.asExpr()
)
or
node.asExpr().(Call).getFunc().(Name).getId() = "emulated_escaping"
}
override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { guard instanceof IsSafeCheck }
}
query predicate isSanitizer(TestTaintTrackingConfiguration conf, DataFlow::Node node) {
exists(node.getLocation().getFile().getRelativePath()) and
conf.isSanitizer(node)
}
query predicate isSanitizerGuard(TestTaintTrackingConfiguration conf, DataFlow::BarrierGuard guard) {
exists(guard.getLocation().getFile().getRelativePath()) and
conf.isSanitizerGuard(guard)
}
Reference in New Issue View Git Blame Copy Permalink