mirror of
https://github.com/github/codeql.git
synced 2026-01-11 21:50:28 +01:00
58 lines
1.6 KiB
Plaintext
58 lines
1.6 KiB
Plaintext
/**
|
|
* Provides default sources, sinks and sanitizers for detecting
|
|
* "code injection"
|
|
* vulnerabilities, as well as extension points for adding your own.
|
|
*/
|
|
|
|
private import python
|
|
private import semmle.python.dataflow.new.DataFlow
|
|
private import semmle.python.Concepts
|
|
private import semmle.python.dataflow.new.RemoteFlowSources
|
|
private import semmle.python.dataflow.new.BarrierGuards
|
|
|
|
/**
|
|
* Provides default sources, sinks and sanitizers for detecting
|
|
* "code injection"
|
|
* vulnerabilities, as well as extension points for adding your own.
|
|
*/
|
|
module CodeInjection {
|
|
/**
|
|
* A data flow source for "code injection" vulnerabilities.
|
|
*/
|
|
abstract class Source extends DataFlow::Node { }
|
|
|
|
/**
|
|
* A data flow sink for "code injection" vulnerabilities.
|
|
*/
|
|
abstract class Sink extends DataFlow::Node { }
|
|
|
|
/**
|
|
* A sanitizer for "code injection" vulnerabilities.
|
|
*/
|
|
abstract class Sanitizer extends DataFlow::Node { }
|
|
|
|
/**
|
|
* DEPRECATED: Use `Sanitizer` instead.
|
|
*
|
|
* A sanitizer guard for "code injection" vulnerabilities.
|
|
*/
|
|
abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { }
|
|
|
|
/**
|
|
* A source of remote user input, considered as a flow source.
|
|
*/
|
|
class RemoteFlowSourceAsSource extends Source, RemoteFlowSource { }
|
|
|
|
/**
|
|
* A code execution, considered as a flow sink.
|
|
*/
|
|
class CodeExecutionAsSink extends Sink {
|
|
CodeExecutionAsSink() { this = any(CodeExecution e).getCode() }
|
|
}
|
|
|
|
/**
|
|
* A comparison with a constant string, considered as a sanitizer-guard.
|
|
*/
|
|
class StringConstCompareAsSanitizer extends Sanitizer, StringConstCompareBarrier { }
|
|
}
|