
Commit 30554a1

committed
Format
1 parent ee1d2b6 commit 30554a1

2 files changed

Lines changed: 19 additions & 7 deletions


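--- a/python/ql/src/experimental/Security/CWE-730/RegexInjection.ql
+++ b/python/ql/src/experimental/Security/CWE-730/RegexInjection.ql
@@ -19,4 +19,4 @@ import DataFlow::PathGraph
 from RegexInjectionFlowConfig config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
 select sink.getNode(), source, sink, "$@ regular expression is constructed from a $@.",
-sink.getNode(), "This", source.getNode(), "user-provided value"
+sink.getNode(), "This", source.getNode(), "user-provided value"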

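--- a/python/ql/src/experimental/semmle/python/frameworks/Stdlib.qll
+++ b/python/ql/src/experimental/semmle/python/frameworks/Stdlib.qll
@@ -15,7 +15,6 @@ private module Stdlib {
 // re
 // ---------------------------------------------------------------------------
 private module Re {
-
 /** Gets a reference to the `re` module. */
 private DataFlow::Node re(DataFlow::TypeTracker t) {
 t.start() and
@@ -32,7 +31,10 @@ private module Stdlib {
 * WARNING: Only holds for a few predefined attributes.
 */
 private DataFlow::Node re_attr(DataFlow::TypeTracker t, string attr_name) {
-attr_name in ["match", "fullmatch", "search", "split", "findall", "finditer", "sub", "subn", "compile", "escape"] and
+attr_name in [
+"match", "fullmatch", "search", "split", "findall", "finditer", "sub", "subn", "compile",
+"escape"
+] and
 (
 t.start() and
 result = DataFlow::importNode("re" + "." + attr_name)
@@ -87,6 +89,7 @@ private module Stdlib {
 ReMatchCall() { node.getFunction() = re_attr("match").asCfgNode() }
 
 override DataFlow::Node getRegexNode() { result.asCfgNode() = node.getArg(0) }
+
 override Attribute getRegexMethod() { result = node.getNode().getFunc().(Attribute) }
 }
 
@@ -100,6 +103,7 @@ private module Stdlib {
 ReFullMatchCall() { node.getFunction() = re_attr("fullmatch").asCfgNode() }
 
 override DataFlow::Node getRegexNode() { result.asCfgNode() = node.getArg(0) }
+
 override Attribute getRegexMethod() { result = node.getNode().getFunc().(Attribute) }
 }
 
@@ -113,6 +117,7 @@ private module Stdlib {
 ReSearchCall() { node.getFunction() = re_attr("search").asCfgNode() }
 
 override DataFlow::Node getRegexNode() { result.asCfgNode() = node.getArg(0) }
+
 override Attribute getRegexMethod() { result = node.getNode().getFunc().(Attribute) }
 }
 
@@ -126,6 +131,7 @@ private module Stdlib {
 ReSplitCall() { node.getFunction() = re_attr("split").asCfgNode() }
 
 override DataFlow::Node getRegexNode() { result.asCfgNode() = node.getArg(0) }
+
 override Attribute getRegexMethod() { result = node.getNode().getFunc().(Attribute) }
 }
 
@@ -139,6 +145,7 @@ private module Stdlib {
 ReFindAllCall() { node.getFunction() = re_attr("findall").asCfgNode() }
 
 override DataFlow::Node getRegexNode() { result.asCfgNode() = node.getArg(0) }
+
 override Attribute getRegexMethod() { result = node.getNode().getFunc().(Attribute) }
 }
 
@@ -152,6 +159,7 @@ private module Stdlib {
 ReFindIterCall() { node.getFunction() = re_attr("finditer").asCfgNode() }
 
 override DataFlow::Node getRegexNode() { result.asCfgNode() = node.getArg(0) }
+
 override Attribute getRegexMethod() { result = node.getNode().getFunc().(Attribute) }
 }
 
@@ -165,6 +173,7 @@ private module Stdlib {
 ReSubCall() { node.getFunction() = re_attr("sub").asCfgNode() }
 
 override DataFlow::Node getRegexNode() { result.asCfgNode() = node.getArg(0) }
+
 override Attribute getRegexMethod() { result = node.getNode().getFunc().(Attribute) }
 }
 
@@ -178,6 +187,7 @@ private module Stdlib {
 ReSubNCall() { node.getFunction() = re_attr("subn").asCfgNode() }
 
 override DataFlow::Node getRegexNode() { result.asCfgNode() = node.getArg(0) }
+
 override Attribute getRegexMethod() { result = node.getNode().getFunc().(Attribute) }
 }
 
@@ -191,6 +201,7 @@ private module Stdlib {
 ReEscapeCall() { node.getFunction() = re_attr("escape").asCfgNode() }
 
 override DataFlow::Node getRegexNode() { result.asCfgNode() = node.getArg(0) }
+
 override Attribute getRegexMethod() { result = node.getNode().getFunc().(Attribute) }
 }
 
@@ -204,13 +215,14 @@ private module Stdlib {
 ReCompileCall() { node.getFunction() = re_attr("compile").asCfgNode() }
 
 override DataFlow::Node getRegexNode() { result.asCfgNode() = node.getArg(0) }
-override Attribute getRegexMethod() {
-exists (DataFlow::AttrRead reMethod |
+
+override Attribute getRegexMethod() {
+exists(DataFlow::AttrRead reMethod |
 reMethod = re_exec_attr() and
 node.getFunction() = reMethod.getObject().getALocalSource().asCfgNode() and
 result = reMethod.asExpr().(Attribute)
 )
-}
+}
 }
 }
-}
+}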
