codeql/python/ql/test/library-tests/taint/extensions/ExtensionsLib.qll
Taus fef08afff9 Python: Remove points-to to from ControlFlowNode
Moves the existing points-to predicates to the newly added class
`ControlFlowNodeWithPointsTo` which resides in the `LegacyPointsTo`
module.

(Existing code that uses these predicates should import this module, and
references to `ControlFlowNode` should be changed to
`ControlFlowNodeWithPointsTo`.)

Also updates all existing points-to based code to do just this.
2025-10-30 13:30:04 +00:00


import python
private import LegacyPointsTo
import semmle.python.dataflow.TaintTracking
/** The single taint kind used by this test library, identified by the string `simple.test`. */
class SimpleTest extends TaintKind {
  SimpleTest() { this = "simple.test" }
}
/**
 * A sink for `SimpleTest` taint: every argument of a call whose callee is the
 * bare name `SINK`. Only `NameNode` callees are considered, so an attribute
 * access such as `mod.SINK(x)` is not treated as a sink by this test library.
 */
class SimpleSink extends TaintSink {
  SimpleSink() {
    exists(CallNode sinkCall |
      this = sinkCall.getAnArg() and
      sinkCall.getFunction().(NameNode).getId() = "SINK"
    )
  }

  override predicate sinks(TaintKind taint) { taint instanceof SimpleTest }

  override string toString() { result = "Simple sink" }
}
/** A source of `SimpleTest` taint: any occurrence of the bare name `SOURCE`. */
class SimpleSource extends TaintSource {
  SimpleSource() { exists(NameNode src | src = this and src.getId() = "SOURCE") }

  override string toString() { result = "simple.source" }

  override predicate isSourceOf(TaintKind kind) { kind instanceof SimpleTest }
}
/**
 * Holds if `call` is of the form `<recv>.visit(...)`, where `<recv>` points to an
 * instance of class `visitorCls` (via legacy points-to, hence the
 * `ControlFlowNodeWithPointsTo` cast), and `func` is an attribute of that class
 * whose name starts with the literal prefix `visit_` (the underscore is escaped
 * in the `matches` pattern so it is not treated as a single-character wildcard).
 *
 * This models a visitor's `visit` dispatching to its `visit_*` methods; every
 * `visit_*` attribute of the class is considered a possible callee.
 */
predicate visit_call(CallNode call, FunctionObject func) {
  exists(AttrNode callee, ClassObject visitorCls, string methodName |
    callee = call.getFunction() and
    callee.getObject("visit").(ControlFlowNodeWithPointsTo).refersTo(_, visitorCls, _) and
    methodName.matches("visit\\_%") and
    func = visitorCls.lookupAttribute(methodName)
  )
}
/* Test call extensions by tracking taint through visitor methods */
/**
 * Test extension for call returns: a node returned from a `visit_*` method flows
 * to each `<recv>.visit(...)` call that `visit_call` resolves to that method.
 */
class TestCallReturnExtension extends DataFlowExtension::DataFlowNode {
  TestCallReturnExtension() {
    exists(PyFunctionObject visited |
      this = visited.getAReturnedNode() and
      visit_call(_, visited)
    )
  }

  override ControlFlowNode getAReturnSuccessorNode(CallNode call) {
    result = call and
    exists(PyFunctionObject visited |
      visit_call(call, visited) and
      this = visited.getAReturnedNode()
    )
  }
}
/**
 * Test extension for call arguments: the `n`-th positional argument of a
 * `<recv>.visit(...)` call flows to parameter `n + 1` of every `visit_*` method
 * that `visit_call` resolves for that call. The `+ 1` skips the method's first
 * parameter (presumably the implicit `self` -- this is what the test encodes);
 * keyword arguments are not mapped.
 */
class TestCallParameterExtension extends DataFlowExtension::DataFlowNode {
  TestCallParameterExtension() {
    exists(CallNode call, PyFunctionObject visited |
      this = call.getAnArg() and
      visit_call(call, visited)
    )
  }

  override ControlFlowNode getACalleeSuccessorNode(CallNode call) {
    exists(PyFunctionObject visited, int argIndex |
      visit_call(call, visited) and
      call.getArg(argIndex) = this and
      result.getNode() = visited.getFunction().getArg(argIndex + 1)
    )
  }
}