mirror of
https://github.com/github/codeql.git
synced 2026-07-14 07:48:16 +02:00
25 lines
854 B
Plaintext
25 lines
854 B
Plaintext
/**
|
|
* @name Untrusted data passed to external API
|
|
* @description Data provided remotely is used in this external API without sanitization, which could be a security risk.
|
|
* @id py/untrusted-data-to-external-api
|
|
* @kind path-problem
|
|
* @precision low
|
|
* @problem.severity error
|
|
* @security-severity 7.8
|
|
* @tags security external/cwe/cwe-020
|
|
*/
|
|
|
|
import python
|
|
import ExternalAPIs
|
|
import UntrustedDataToExternalApiFlow::PathGraph
|
|
|
|
from
|
|
UntrustedDataToExternalApiFlow::PathNode source, UntrustedDataToExternalApiFlow::PathNode sink,
|
|
ExternalApiUsedWithUntrustedData externalApi
|
|
where
|
|
sink.getNode() = externalApi.getUntrustedDataNode() and
|
|
UntrustedDataToExternalApiFlow::flowPath(source, sink)
|
|
select sink.getNode(), source, sink,
|
|
"Call to " + externalApi.toString() + " with untrusted data from $@.", source.getNode(),
|
|
source.toString()
|