Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 5b9ae9c

Browse files
yoffyoff
authored
Merge pull request #7659 from RasmusWL/move-regex-injection-files
Python: Move regex injection configuration files
2 parents 0846d1f + b9ee296 commit 5b9ae9c

6 files changed

Lines changed: 112 additions & 96 deletions

File tree

python/ql/lib/change-notes/2022-01-19-move-regex-injection.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
---
2+
category: deprecated
3+
---
4+
* Moved the files defining regex injection configuration and customization, instead of `import semmle.python.security.injection.RegexInjection` please use `import semmle.python.security.dataflow.RegexInjection` (the same for `RegexInjectionCustomizations`).

python/ql/lib/semmle/python/security/dataflow/RegexInjection.qll

Lines changed: 37 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,37 @@
1+
/**
2+
* Provides a taint-tracking configuration for detecting regular expression injection
3+
* vulnerabilities.
4+
*
5+
* Note, for performance reasons: only import this file if
6+
* `RegexInjection::Configuration` is needed, otherwise
7+
* `RegexInjectionCustomizations` should be imported instead.
8+
*/
9+
10+
private import python
11+
import semmle.python.dataflow.new.DataFlow
12+
import semmle.python.dataflow.new.TaintTracking
13+
14+
/**
15+
* Provides a taint-tracking configuration for detecting regular expression injection
16+
* vulnerabilities.
17+
*/
18+
module RegexInjection {
19+
import RegexInjectionCustomizations::RegexInjection
20+
21+
/**
22+
* A taint-tracking configuration for detecting "reflected server-side cross-site scripting" vulnerabilities.
23+
*/
24+
class Configuration extends TaintTracking::Configuration {
25+
Configuration() { this = "RegexInjection" }
26+
27+
override predicate isSource(DataFlow::Node source) { source instanceof Source }
28+
29+
override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
30+
31+
override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
32+
33+
override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
34+
guard instanceof SanitizerGuard
35+
}
36+
}
37+
}

python/ql/lib/semmle/python/security/dataflow/RegexInjectionCustomizations.qll

Lines changed: 62 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,62 @@
1+
/**
2+
* Provides default sources, sinks and sanitizers for detecting
3+
* "regular expression injection"
4+
* vulnerabilities, as well as extension points for adding your own.
5+
*/
6+
7+
private import python
8+
private import semmle.python.Concepts
9+
private import semmle.python.dataflow.new.DataFlow
10+
private import semmle.python.dataflow.new.TaintTracking
11+
private import semmle.python.dataflow.new.RemoteFlowSources
12+
13+
/**
14+
* Provides default sources, sinks and sanitizers for detecting
15+
* "regular expression injection"
16+
* vulnerabilities, as well as extension points for adding your own.
17+
*/
18+
module RegexInjection {
19+
/**
20+
* A data flow source for "regular expression injection" vulnerabilities.
21+
*/
22+
abstract class Source extends DataFlow::Node { }
23+
24+
/**
25+
* A sink for "regular expression injection" vulnerabilities is the execution of a regular expression.
26+
* If you have a custom way to execute regular expressions, you can extend `RegexExecution::Range`.
27+
*/
28+
class Sink extends DataFlow::Node {
29+
RegexExecution regexExecution;
30+
31+
Sink() { this = regexExecution.getRegex() }
32+
33+
/** Gets the call that executes the regular expression marked by this sink. */
34+
RegexExecution getRegexExecution() { result = regexExecution }
35+
}
36+
37+
/**
38+
* A sanitizer for "regular expression injection" vulnerabilities.
39+
*/
40+
abstract class Sanitizer extends DataFlow::Node { }
41+
42+
/**
43+
* A sanitizer guard for "regular expression injection" vulnerabilities.
44+
*/
45+
abstract class SanitizerGuard extends DataFlow::BarrierGuard { }
46+
47+
/**
48+
* A source of remote user input, considered as a flow source.
49+
*/
50+
class RemoteFlowSourceAsSource extends Source, RemoteFlowSource { }
51+
52+
/**
53+
* A regex escaping, considered as a sanitizer.
54+
*/
55+
class RegexEscapingAsSanitizer extends Sanitizer {
56+
RegexEscapingAsSanitizer() {
57+
// Due to use-use flow, we want the output rather than an input
58+
// (so the input can still flow to other sinks).
59+
this = any(RegexEscaping esc).getOutput()
60+
}
61+
}
62+
}

python/ql/lib/semmle/python/security/injection/RegexInjection.qll

Lines changed: 4 additions & 35 deletions
Original file line numberDiff line numberDiff line change
@@ -1,37 +1,6 @@
1-
/**
2-
* Provides a taint-tracking configuration for detecting regular expression injection
3-
* vulnerabilities.
4-
*
5-
* Note, for performance reasons: only import this file if
6-
* `RegexInjection::Configuration` is needed, otherwise
7-
* `RegexInjectionCustomizations` should be imported instead.
8-
*/
1+
/** DEPRECATED: use semmle.python.security.dataflow.RegexInjection instead. */
92

10-
private import python
11-
import semmle.python.dataflow.new.DataFlow
12-
import semmle.python.dataflow.new.TaintTracking
3+
private import semmle.python.security.dataflow.RegexInjection as New
134

14-
/**
15-
* Provides a taint-tracking configuration for detecting regular expression injection
16-
* vulnerabilities.
17-
*/
18-
module RegexInjection {
19-
import RegexInjectionCustomizations::RegexInjection
20-
21-
/**
22-
* A taint-tracking configuration for detecting "reflected server-side cross-site scripting" vulnerabilities.
23-
*/
24-
class Configuration extends TaintTracking::Configuration {
25-
Configuration() { this = "RegexInjection" }
26-
27-
override predicate isSource(DataFlow::Node source) { source instanceof Source }
28-
29-
override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
30-
31-
override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
32-
33-
override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
34-
guard instanceof SanitizerGuard
35-
}
36-
}
37-
}
5+
/** DEPRECATED: use semmle.python.security.dataflow.RegexInjection instead. */
6+
deprecated module RegexInjection = New::RegexInjection;

python/ql/lib/semmle/python/security/injection/RegexInjectionCustomizations.qll

Lines changed: 4 additions & 60 deletions
Original file line numberDiff line numberDiff line change
@@ -1,62 +1,6 @@
1-
/**
2-
* Provides default sources, sinks and sanitizers for detecting
3-
* "regular expression injection"
4-
* vulnerabilities, as well as extension points for adding your own.
5-
*/
1+
/** DEPRECATED: use semmle.python.security.dataflow.RegexInjectionCustomizations instead. */
62

7-
private import python
8-
private import semmle.python.Concepts
9-
private import semmle.python.dataflow.new.DataFlow
10-
private import semmle.python.dataflow.new.TaintTracking
11-
private import semmle.python.dataflow.new.RemoteFlowSources
3+
private import semmle.python.security.dataflow.RegexInjectionCustomizations as New
124

13-
/**
14-
* Provides default sources, sinks and sanitizers for detecting
15-
* "regular expression injection"
16-
* vulnerabilities, as well as extension points for adding your own.
17-
*/
18-
module RegexInjection {
19-
/**
20-
* A data flow source for "regular expression injection" vulnerabilities.
21-
*/
22-
abstract class Source extends DataFlow::Node { }
23-
24-
/**
25-
* A sink for "regular expression injection" vulnerabilities is the execution of a regular expression.
26-
* If you have a custom way to execute regular expressions, you can extend `RegexExecution::Range`.
27-
*/
28-
class Sink extends DataFlow::Node {
29-
RegexExecution regexExecution;
30-
31-
Sink() { this = regexExecution.getRegex() }
32-
33-
/** Gets the call that executes the regular expression marked by this sink. */
34-
RegexExecution getRegexExecution() { result = regexExecution }
35-
}
36-
37-
/**
38-
* A sanitizer for "regular expression injection" vulnerabilities.
39-
*/
40-
abstract class Sanitizer extends DataFlow::Node { }
41-
42-
/**
43-
* A sanitizer guard for "regular expression injection" vulnerabilities.
44-
*/
45-
abstract class SanitizerGuard extends DataFlow::BarrierGuard { }
46-
47-
/**
48-
* A source of remote user input, considered as a flow source.
49-
*/
50-
class RemoteFlowSourceAsSource extends Source, RemoteFlowSource { }
51-
52-
/**
53-
* A regex escaping, considered as a sanitizer.
54-
*/
55-
class RegexEscapingAsSanitizer extends Sanitizer {
56-
RegexEscapingAsSanitizer() {
57-
// Due to use-use flow, we want the output rather than an input
58-
// (so the input can still flow to other sinks).
59-
this = any(RegexEscaping esc).getOutput()
60-
}
61-
}
62-
}
5+
/** DEPRECATED: use semmle.python.security.dataflow.RegexInjectionCustomizations instead. */
6+
deprecated module RegexInjection = New::RegexInjection;

python/ql/src/Security/CWE-730/RegexInjection.ql

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@
1414

1515
import python
1616
private import semmle.python.Concepts
17-
import semmle.python.security.injection.RegexInjection
17+
import semmle.python.security.dataflow.RegexInjection
1818
import DataFlow::PathGraph
1919

2020
from

0 commit comments

Comments
 (0)