
Commit 51f1cf0

committed
Python: Autoformat security.
1 parent 4852bb7 commit 51f1cf0

21 files changed

Lines changed: 186 additions & 448 deletions

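--- a/python/ql/src/semmle/python/security/ClearText.qll
+++ b/python/ql/src/semmle/python/security/ClearText.qll
@@ -5,38 +5,30 @@ import semmle.python.dataflow.Files
 import semmle.python.web.Http
 
 module ClearTextStorage {
-
 abstract class Sink extends TaintSink {
-override predicate sinks(TaintKind kind) {
-kind instanceof SensitiveData
-}
+override predicate sinks(TaintKind kind) { kind instanceof SensitiveData }
 }
 
 class CookieStorageSink extends Sink {
-CookieStorageSink() {
-any(CookieSet cookie).getValue() = this
-}
+CookieStorageSink() { any(CookieSet cookie).getValue() = this }
 }
 
 class FileStorageSink extends Sink {
 FileStorageSink() {
 exists(CallNode call, AttrNode meth, string name |
 any(OpenFile fd).taints(meth.getObject(name)) and
 call.getFunction() = meth and
-call.getAnArg() = this |
+call.getAnArg() = this
+|
 name = "write"
 )
 }
 }
-
 }
 
 module ClearTextLogging {
-
 abstract class Sink extends TaintSink {
-override predicate sinks(TaintKind kind) {
-kind instanceof SensitiveData
-}
+override predicate sinks(TaintKind kind) { kind instanceof SensitiveData }
 }
 
 class PrintSink extends Sink {
@@ -53,7 +45,8 @@ module ClearTextLogging {
 exists(CallNode call, AttrNode meth, string name |
 call.getFunction() = meth and
 meth.getObject(name).(NameNode).getId().matches("logg%") and
-call.getAnArg() = this |
+call.getAnArg() = this
+|
 name = "error" or
 name = "warn" or
 name = "warning" or
@@ -62,5 +55,4 @@ module ClearTextLogging {
 )
 }
 }
-
 }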
Lines changed: 20 additions & 84 deletions
@@ -1,49 +1,32 @@
11
import python
22
import semmle.python.security.TaintTracking
3-
43
private import semmle.python.security.SensitiveData
54
private import semmle.crypto.Crypto as CryptoLib
65

7-
86
abstract class WeakCryptoSink extends TaintSink {
9-
10-
override predicate sinks(TaintKind taint) {
11-
taint instanceof SensitiveData
12-
}
7+
override predicate sinks(TaintKind taint) { taint instanceof SensitiveData }
138
}
149

1510
/** Modeling the 'pycrypto' package https://github.com/dlitz/pycrypto (latest release 2013) */
1611
module Pycrypto {
17-
18-
ModuleValue cipher(string name) {
19-
result = Module::named("Crypto.Cipher").attr(name)
20-
}
12+
ModuleValue cipher(string name) { result = Module::named("Crypto.Cipher").attr(name) }
2113

2214
class CipherInstance extends TaintKind {
23-
2415
string name;
2516

2617
CipherInstance() {
27-
this = "Crypto.Cipher." + name and
18+
this = "Crypto.Cipher." + name and
2819
exists(cipher(name))
2920
}
3021

31-
string getName() {
32-
result = name
33-
}
34-
35-
CryptoLib::CryptographicAlgorithm getAlgorithm() {
36-
result.getName() = name
37-
}
22+
string getName() { result = name }
3823

39-
predicate isWeak() {
40-
this.getAlgorithm().isWeak()
41-
}
24+
CryptoLib::CryptographicAlgorithm getAlgorithm() { result.getName() = name }
4225

26+
predicate isWeak() { this.getAlgorithm().isWeak() }
4327
}
4428

4529
class CipherInstanceSource extends TaintSource {
46-
4730
CipherInstance instance;
4831

4932
CipherInstanceSource() {
@@ -53,18 +36,12 @@ module Pycrypto {
5336
)
5437
}
5538

56-
override string toString() {
57-
result = "Source of " + instance
58-
}
59-
60-
override predicate isSourceOf(TaintKind kind) {
61-
kind = instance
62-
}
39+
override string toString() { result = "Source of " + instance }
6340

41+
override predicate isSourceOf(TaintKind kind) { kind = instance }
6442
}
6543

6644
class PycryptoWeakCryptoSink extends WeakCryptoSink {
67-
6845
string name;
6946

7047
PycryptoWeakCryptoSink() {
@@ -77,36 +54,24 @@ module Pycrypto {
7754
)
7855
}
7956

80-
override string toString() {
81-
result = "Use of weak crypto algorithm " + name
82-
}
83-
57+
override string toString() { result = "Use of weak crypto algorithm " + name }
8458
}
85-
8659
}
8760

8861
module Cryptography {
89-
9062
ModuleValue ciphers() {
9163
result = Module::named("cryptography.hazmat.primitives.ciphers") and
9264
result.isPackage()
9365
}
9466

9567
class CipherClass extends ClassValue {
96-
CipherClass() {
97-
ciphers().attr("Cipher") = this
98-
}
68+
CipherClass() { ciphers().attr("Cipher") = this }
9969
}
10070

10171
class AlgorithmClass extends ClassValue {
72+
AlgorithmClass() { ciphers().attr("algorithms").attr(_) = this }
10273

103-
AlgorithmClass() {
104-
ciphers().attr("algorithms").attr(_) = this
105-
}
106-
107-
string getAlgorithmName() {
108-
result = this.declaredAttribute("name").(StringValue).getText()
109-
}
74+
string getAlgorithmName() { result = this.declaredAttribute("name").(StringValue).getText() }
11075

11176
predicate isWeak() {
11277
exists(CryptoLib::CryptographicAlgorithm algo |
@@ -117,61 +82,39 @@ module Cryptography {
11782
}
11883

11984
class CipherInstance extends TaintKind {
120-
12185
AlgorithmClass cls;
12286

123-
CipherInstance() {
124-
this = "cryptography.Cipher." + cls.getAlgorithmName()
125-
}
87+
CipherInstance() { this = "cryptography.Cipher." + cls.getAlgorithmName() }
12688

127-
AlgorithmClass getAlgorithm() {
128-
result = cls
129-
}
89+
AlgorithmClass getAlgorithm() { result = cls }
13090

131-
predicate isWeak() {
132-
cls.isWeak()
133-
}
91+
predicate isWeak() { cls.isWeak() }
13492

13593
override TaintKind getTaintOfMethodResult(string name) {
13694
name = "encryptor" and
13795
result.(Encryptor).getAlgorithm() = this.getAlgorithm()
13896
}
139-
14097
}
14198

14299
class CipherSource extends TaintSource {
143-
144-
CipherSource() {
145-
this.(CallNode).getFunction().pointsTo(any(CipherClass cls))
146-
}
100+
CipherSource() { this.(CallNode).getFunction().pointsTo(any(CipherClass cls)) }
147101

148102
override predicate isSourceOf(TaintKind kind) {
149103
this.(CallNode).getArg(0).pointsTo().getClass() = kind.(CipherInstance).getAlgorithm()
150104
}
151105

152-
override string toString() {
153-
result = "cryptography.Cipher.source"
154-
}
155-
106+
override string toString() { result = "cryptography.Cipher.source" }
156107
}
157108

158109
class Encryptor extends TaintKind {
159-
160110
AlgorithmClass cls;
161111

162-
Encryptor() {
163-
this = "cryptography.encryptor." + cls.getAlgorithmName()
164-
165-
}
166-
167-
AlgorithmClass getAlgorithm() {
168-
result = cls
169-
}
112+
Encryptor() { this = "cryptography.encryptor." + cls.getAlgorithmName() }
170113

114+
AlgorithmClass getAlgorithm() { result = cls }
171115
}
172116

173117
class CryptographyWeakCryptoSink extends WeakCryptoSink {
174-
175118
CryptographyWeakCryptoSink() {
176119
exists(CallNode call, AttrNode method, Encryptor encryptor |
177120
call.getAnArg() = this and
@@ -181,23 +124,16 @@ module Cryptography {
181124
)
182125
}
183126

184-
override string toString() {
185-
result = "Use of weak crypto algorithm"
186-
}
187-
127+
override string toString() { result = "Use of weak crypto algorithm" }
188128
}
189-
190-
191129
}
192130

193131
private class CipherConfig extends TaintTracking::Configuration {
194-
195132
CipherConfig() { this = "Crypto cipher config" }
196133

197134
override predicate isSource(TaintTracking::Source source) {
198135
source instanceof Pycrypto::CipherInstanceSource
199136
or
200137
source instanceof Cryptography::CipherSource
201138
}
202-
203139
}
