Will need subsequent PRs fixing up test failures (due to deprecated methods moving around), but other than that everything should be straightforward.
/**
 * @name Except block handles 'BaseException'
 * @description Handling 'BaseException' means that system exits and keyboard interrupts may be mis-handled.
 * @kind problem
 * @tags reliability
 *       readability
 *       convention
 *       external/cwe/cwe-396
 * @problem.severity recommendation
 * @sub-severity high
 * @precision very-high
 * @id py/catch-base-exception
 */
import python
/**
 * Holds if some basic block of the except handler `ex` reaches the exit of
 * its scope, i.e. at least one path through the handler falls through
 * instead of re-raising (or otherwise aborting). Used as the "does not
 * re-raise" test for the query below.
 */
predicate doesnt_reraise(ExceptStmt ex) {
  exists(BasicBlock block |
    block = ex.getAFlowNode().getBasicBlock() and
    block.reachesExit()
  )
}
/**
 * Holds if the except handler `ex` catches `BaseException`, either because
 * it has no type expression at all (a bare `except:`) or because its type
 * expression points to the `BaseException` class value.
 */
predicate catches_base_exception(ExceptStmt ex) {
  // Bare `except:` — nothing to point to, catches everything.
  not exists(ex.getType())
  or
  // Explicit `except BaseException:` (or an alias resolving to it).
  exists(Expr typeExpr |
    typeExpr = ex.getType() and
    typeExpr.pointsTo(ClassValue::baseException())
  )
}
/*
 * Report every except handler that catches `BaseException` (explicitly or via
 * a bare `except:`) and has at least one path that falls through rather than
 * re-raising, since such handlers can swallow SystemExit and KeyboardInterrupt.
 */
from ExceptStmt ex
where
  doesnt_reraise(ex) and
  catches_base_exception(ex)
select ex, "Except block directly handles BaseException."