Python: Use more common name for concept

yoff · yoff · commit 93383747bd4e · 2020-10-14T09:28:58.000+02:00
diff --git a/python/ql/src/experimental/Security-new-dataflow/CWE-502/UnsafeDeserialization.ql b/python/ql/src/experimental/Security-new-dataflow/CWE-502/UnsafeDeserialization.ql
@@ -24,7 +24,7 @@ class UnsafeDeserializationConfiguration extends TaintTracking::Configuration {
   override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
 
   override predicate isSink(DataFlow::Node sink) {
-    exists(UnmarshalingFunction d |
+    exists(Decoding d |
       d.unsafe() and
       sink = d.getAnInput()
     )
diff --git a/python/ql/src/experimental/semmle/python/Concepts.qll b/python/ql/src/experimental/semmle/python/Concepts.qll
@@ -40,17 +40,20 @@ module SystemCommandExecution {
 }
 
 /**
- * A function that decodes data from a binary or textual format.
+ * A data-flow node that decodes data from a binary or textual format. This
+ * is intended to include deserialization, unmarshalling, decoding, unpickling,
+ * unzipping, decrypting, parsing etc.
+ *
  * Doing so should normally preserve taint, but it can also be a problem
- * in itself, e.g. if it performs deserialization in a potentially unsafe way.
+ * in itself, e.g. if it allows code execution or could result in deinal-of-service.
  *
  * Extend this class to refine existing API models. If you want to model new APIs,
- * extend `UnmarshalingFunction::Range` instead.
+ * extend `Decoding::Range` instead.
  */
-class UnmarshalingFunction extends DataFlow::Node {
-  UnmarshalingFunction::Range self;
+class Decoding extends DataFlow::Node {
+  Decoding::Range self;
 
-  UnmarshalingFunction() { this = self }
+  Decoding() { this = self }
 
   /** Holds if this call is unsafe, e.g. if it may execute arbitrary code. */
   predicate unsafe() { self.unsafe() }
@@ -65,15 +68,18 @@ class UnmarshalingFunction extends DataFlow::Node {
   string getFormat() { result = self.getFormat() }
 }
 
-/** Provides a class for modeling new unmarshaling/decoding/deserialization functions. */
-module UnmarshalingFunction {
+/** Provides a class for modeling new decoding mechanisms. */
+module Decoding {
   /**
-   * A function that decodes data from a binary or textual format.
-   * Doing so should normally preserve taint, but it can oalso be a problem
-   * in itself, e.g. if it performs deserialization in a potentially unsafe way.
+   * A data-flow node that decodes data from a binary or textual format. This
+   * is intended to include deserialization, unmarshalling, decoding, unpickling,
+   * unzipping, decrypting, parsing etc.
+   *
+   * Doing so should normally preserve taint, but it can also be a problem
+   * in itself, e.g. if it allows code execution or could result in deinal-of-service.
    *
    * Extend this class to model new APIs. If you want to refine existing API models,
-   * extend `UnmarshalingFunction` instead.
+   * extend `Decoding` instead.
    */
   abstract class Range extends DataFlow::Node {
     /** Holds if this call is unsafe, e.g. if it may execute arbitrary code. */
diff --git a/python/ql/src/experimental/semmle/python/frameworks/Dill.qll b/python/ql/src/experimental/semmle/python/frameworks/Dill.qll
@@ -43,10 +43,8 @@ private module Dill {
  * See https://pypi.org/project/dill/ (which currently refers you
  * to https://docs.python.org/3/library/pickle.html#pickle.loads)
  */
-private class DillLoadsCall extends UnmarshalingFunction::Range {
-  DillLoadsCall() {
-    this.asCfgNode().(CallNode).getFunction() = Dill::dill::loads().asCfgNode()
-  }
+private class DillLoadsCall extends Decoding::Range {
+  DillLoadsCall() { this.asCfgNode().(CallNode).getFunction() = Dill::dill::loads().asCfgNode() }
 
   override predicate unsafe() { any() }
 
diff --git a/python/ql/src/experimental/semmle/python/frameworks/Stdlib.qll b/python/ql/src/experimental/semmle/python/frameworks/Stdlib.qll
@@ -363,10 +363,8 @@ private module Stdlib {
    * A call to `marshal.loads`
    * See https://docs.python.org/3/library/marshal.html#marshal.loads
    */
-  private class MarshalLoadsCall extends UnmarshalingFunction::Range {
-    MarshalLoadsCall() {
-      this.asCfgNode().(CallNode).getFunction() = marshal::loads().asCfgNode()
-    }
+  private class MarshalLoadsCall extends Decoding::Range {
+    MarshalLoadsCall() { this.asCfgNode().(CallNode).getFunction() = marshal::loads().asCfgNode() }
 
     override predicate unsafe() { any() }
 
@@ -416,10 +414,8 @@ private module Stdlib {
    * A call to `pickle.loads`
    * See https://docs.python.org/3/library/pickle.html#pickle.loads
    */
-  private class PickleLoadsCall extends UnmarshalingFunction::Range {
-    PickleLoadsCall() {
-      this.asCfgNode().(CallNode).getFunction() = pickle::loads().asCfgNode()
-    }
+  private class PickleLoadsCall extends Decoding::Range {
+    PickleLoadsCall() { this.asCfgNode().(CallNode).getFunction() = pickle::loads().asCfgNode() }
 
     override predicate unsafe() { any() }
 
diff --git a/python/ql/src/experimental/semmle/python/frameworks/Yaml.qll b/python/ql/src/experimental/semmle/python/frameworks/Yaml.qll
@@ -45,10 +45,8 @@ private module Yaml {
  * This function was briefly thought safe until new exploits were found in 2020,
  * see https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation for details.
  */
-private class YamlDeserialization extends UnmarshalingFunction::Range {
-  YamlDeserialization() {
-    this.asCfgNode().(CallNode).getFunction() = Yaml::yaml::load().asCfgNode()
-  }
+private class YamlLoadCall extends Decoding::Range {
+  YamlLoadCall() { this.asCfgNode().(CallNode).getFunction() = Yaml::yaml::load().asCfgNode() }
 
   override predicate unsafe() {
     // If the `Loader` is not set to either `SafeLoader` or `BaseLoader` or not set at all,
diff --git a/python/ql/test/experimental/library-tests/frameworks/dill/Decoding.py b/python/ql/test/experimental/library-tests/frameworks/dill/Decoding.py
diff --git a/python/ql/test/experimental/library-tests/frameworks/stdlib/Decoding.py b/python/ql/test/experimental/library-tests/frameworks/stdlib/Decoding.py
diff --git a/python/ql/test/experimental/library-tests/frameworks/yaml/Decoding.py b/python/ql/test/experimental/library-tests/frameworks/yaml/Decoding.py
diff --git a/python/ql/test/experimental/meta/ConceptsTest.qll b/python/ql/test/experimental/meta/ConceptsTest.qll
@@ -33,38 +33,38 @@ class SystemCommandExecutionTest extends InlineExpectationsTest {
   }
 }
 
-class UnmarshalingFunctionTest extends InlineExpectationsTest {
-  UnmarshalingFunctionTest() { this = "UnmarshalingFunctionTest" }
+class DecodingTest extends InlineExpectationsTest {
+  DecodingTest() { this = "DecodingTest" }
 
   override string getARelevantTag() { result in ["getAnInput", "getOutput", "getFormat"] }
 
   override predicate hasActualResult(Location location, string element, string tag, string value) {
     exists(location.getFile().getRelativePath()) and
-    exists(UnmarshalingFunction ds, string unsafe |
+    exists(Decoding d, string unsafe |
       (
-        ds.unsafe() and unsafe = "UNSAFE_"
+        d.unsafe() and unsafe = "UNSAFE_"
         or
-        not ds.unsafe() and unsafe = ""
+        not d.unsafe() and unsafe = ""
       ) and
       (
         exists(DataFlow::Node data |
           location = data.getLocation() and
           element = data.toString() and
           value = value_from_expr(data.asExpr()) and
           (
-            data = ds.getAnInput() and
+            data = d.getAnInput() and
             tag = unsafe + "getAnInput"
             or
-            data = ds.getOutput() and
+            data = d.getOutput() and
             tag = unsafe + "getOutput"
           )
         )
         or
         exists(string format |
-          location = ds.getLocation() and
+          location = d.getLocation() and
           element = format and
           value = format and
-          format = ds.getFormat() and
+          format = d.getFormat() and
           tag = unsafe + "getFormat"
         )
       )

Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,7 @@ class UnsafeDeserializationConfiguration extends TaintTracking::Configuration {`
`24`	`24`	`override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }`
`25`	`25`
`26`	`26`	`override predicate isSink(DataFlow::Node sink) {`
`27`		`- exists(UnmarshalingFunction d \|`
	`27`	`+ exists(Decoding d \|`
`28`	`28`	`d.unsafe() and`
`29`	`29`	`sink = d.getAnInput()`
`30`	`30`	`)`
Original file line number	Diff line number	Diff line change
`@@ -33,38 +33,38 @@ class SystemCommandExecutionTest extends InlineExpectationsTest {`
`33`	`33`	`}`
`34`	`34`	`}`
`35`	`35`
`36`		`-class UnmarshalingFunctionTest extends InlineExpectationsTest {`
`37`		`- UnmarshalingFunctionTest() { this = "UnmarshalingFunctionTest" }`
	`36`	`+class DecodingTest extends InlineExpectationsTest {`
	`37`	`+ DecodingTest() { this = "DecodingTest" }`
`38`	`38`
`39`	`39`	`override string getARelevantTag() { result in ["getAnInput", "getOutput", "getFormat"] }`
`40`	`40`
`41`	`41`	`override predicate hasActualResult(Location location, string element, string tag, string value) {`
`42`	`42`	`exists(location.getFile().getRelativePath()) and`
`43`		`- exists(UnmarshalingFunction ds, string unsafe \|`
	`43`	`+ exists(Decoding d, string unsafe \|`
`44`	`44`	`(`
`45`		`- ds.unsafe() and unsafe = "UNSAFE_"`
	`45`	`+ d.unsafe() and unsafe = "UNSAFE_"`
`46`	`46`	`or`
`47`		`- not ds.unsafe() and unsafe = ""`
	`47`	`+ not d.unsafe() and unsafe = ""`
`48`	`48`	`) and`
`49`	`49`	`(`
`50`	`50`	`exists(DataFlow::Node data \|`
`51`	`51`	`location = data.getLocation() and`
`52`	`52`	`element = data.toString() and`
`53`	`53`	`value = value_from_expr(data.asExpr()) and`
`54`	`54`	`(`
`55`		`- data = ds.getAnInput() and`
	`55`	`+ data = d.getAnInput() and`
`56`	`56`	`tag = unsafe + "getAnInput"`
`57`	`57`	`or`
`58`		`- data = ds.getOutput() and`
	`58`	`+ data = d.getOutput() and`
`59`	`59`	`tag = unsafe + "getOutput"`
`60`	`60`	`)`
`61`	`61`	`)`
`62`	`62`	`or`
`63`	`63`	`exists(string format \|`
`64`		`- location = ds.getLocation() and`
	`64`	`+ location = d.getLocation() and`
`65`	`65`	`element = format and`
`66`	`66`	`value = format and`
`67`		`- format = ds.getFormat() and`
	`67`	`+ format = d.getFormat() and`
`68`	`68`	`tag = unsafe + "getFormat"`
`69`	`69`	`)`
`70`	`70`	`)`