-
Notifications
You must be signed in to change notification settings - Fork 2k
Expand file tree
/
Copy pathPycurl.qll
More file actions
104 lines (91 loc) · 3.34 KB
/
Pycurl.qll
File metadata and controls
104 lines (91 loc) · 3.34 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
/**
* Provides classes modeling security-relevant aspects of the `pycurl` PyPI package.
*
* See
* - https://pypi.org/project/pycurl/
* - https://pycurl.io/docs/latest/
*/
private import python
private import semmle.python.Concepts
private import semmle.python.ApiGraphs
private import semmle.python.frameworks.data.ModelsAsData
/**
* INTERNAL: Do not use.
*
* Provides models for the `pycurl` PyPI package.
*
* See
* - https://pypi.org/project/pycurl/
* - https://pycurl.io/docs/latest/
*/
module Pycurl {
/**
* Provides models for the `pycurl.Curl` class
*
* See https://pycurl.io/docs/latest/curl.html.
*/
module Curl {
/** Gets a reference to the `pycurl.Curl` class. */
API::Node classRef() {
result = API::moduleImport("pycurl").getMember("Curl")
or
result = ModelOutput::getATypeNode("pycurl.Curl~Subclass").getASubclass*()
}
/** Gets a reference to an instance of `pycurl.Curl`. */
private API::Node instance() { result = classRef().getReturn() }
/** Gets a reference to `pycurl.Curl.setopt`. */
private API::Node setopt() { result = instance().getMember("setopt") }
/** Gets a reference to the constant `pycurl.Curl.SSL_VERIFYPEER`. */
private API::Node sslverifypeer() {
result = API::moduleImport("pycurl").getMember("SSL_VERIFYPEER") or
result = instance().getMember("SSL_VERIFYPEER")
}
/**
* When the first parameter value of the `setopt` function is set to `pycurl.URL`,
* the second parameter value is the request resource link.
*
* See http://pycurl.io/docs/latest/curlobject.html#pycurl.Curl.setopt.
*/
private class OutgoingRequestCall extends Http::Client::Request::Range instanceof DataFlow::CallCfgNode
{
OutgoingRequestCall() {
this = setopt().getACall() and
this.getArg(0).asCfgNode().(AttrNode).getName() = "URL"
}
override DataFlow::Node getAUrlPart() {
result in [super.getArg(1), super.getArgByName("value")]
}
override string getFramework() { result = "pycurl.Curl" }
override predicate disablesCertificateValidation(
DataFlow::Node disablingNode, DataFlow::Node argumentOrigin
) {
none()
}
}
/**
* When the first parameter value of the `setopt` function is set to `SSL_VERIFYPEER` or `SSL_VERIFYHOST`,
* the second parameter value disables or enable SSL certifiacte verification.
*
* See http://pycurl.io/docs/latest/curlobject.html#pycurl.Curl.setopt.
*/
private class CurlSslCall extends Http::Client::Request::Range instanceof DataFlow::CallCfgNode {
CurlSslCall() {
this = setopt().getACall() and
this.getArg(0).asCfgNode().(AttrNode).getName() = ["SSL_VERIFYPEER", "SSL_VERIFYHOST"]
}
override DataFlow::Node getAUrlPart() { none() }
override string getFramework() { result = "pycurl.Curl" }
override predicate disablesCertificateValidation(
DataFlow::Node disablingNode, DataFlow::Node argumentOrigin
) {
sslverifypeer().getAValueReachableFromSource() = super.getArg(0) and
(
super.getArg(1).asExpr().(IntegerLiteral).getValue() = 0
or
super.getArg(1).asExpr().(BooleanLiteral).booleanValue() = false
) and
(disablingNode = this and argumentOrigin = super.getArg(1))
}
}
}
}