Commit a76d276

committed
Python: Adjust getARelevantTag
1 parent 3b9ea3a commit a76d276

5 files changed

Lines changed: 11 additions & 8 deletions


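--- a/python/ql/src/experimental/semmle/python/frameworks/Yaml.qll
+++ b/python/ql/src/experimental/semmle/python/frameworks/Yaml.qll
@@ -41,6 +41,9 @@ private module Yaml {
 /**
 * A call to `yaml.load`
 * See https://pyyaml.org/wiki/PyYAMLDocumentation (you will have to scroll down).
+*
+* This function was briefly thought safe until new exploits were found in 2020,
+* see https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation for details.
 */
 private class YamlDeserialization extends UnmarshalingFunction::Range {
 YamlDeserialization() {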
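Review bot: The added QLDoc says `yaml.load` "was briefly thought safe" without saying which call shape that refers to, so a reader cannot tell whether every call is modelled as unsafe; the yaml test updated in this commit expects the `Loader=SafeLoader` call to carry non-UNSAFE tags, so presumably only the other loaders are flagged. I would make the comment state that explicitly, e.g. `* Calls passing \`Loader=SafeLoader\` are modelled as safe; calls with no loader argument (which defaults to FullLoader on PyYAML 5.1+) or any other loader are modelled as unsafe.` The body of YamlDeserialization that makes this decision continues outside the hunk, so the wording should be checked against it before landing.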
Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
11
import dill
22

3-
dill.loads(payload) # $UNSAFE_getAnInput=payload $UNSAFE_getOutput=Attribute() $UNSAFE_getFormat=ASCII
4-
dill.loads(payload, encoding='latin1') # $UNSAFE_getAnInput=payload $UNSAFE_getOutput=Attribute() $UNSAFE_getFormat=latin1
3+
dill.loads(payload) # $UNSAFE_getAnInput=payload $UNSAFE_getOutput=Attribute() $UNSAFE_getFormat=dill
4+
dill.loads(payload, encoding='latin1') # $UNSAFE_getAnInput=payload $UNSAFE_getOutput=Attribute() $UNSAFE_getFormat=dill

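--- a/python/ql/test/experimental/library-tests/frameworks/stdlib/UnmarshalFunction.py
+++ b/python/ql/test/experimental/library-tests/frameworks/stdlib/UnmarshalFunction.py
@@ -10,6 +10,6 @@
 @app.route("/")
 def hello():
 payload = request.args.get("payload")
-pickle.loads(payload) # $UNSAFE_getAnInput=payload $UNSAFE_getOutput=Attribute() $UNSAFE_getFormat=ASCII
-pickle.loads(payload, encoding='latin1') # $UNSAFE_getAnInput=payload $UNSAFE_getOutput=Attribute() $UNSAFE_getFormat=latin1
-marshal.loads(payload) # $UNSAFE_getAnInput=payload $UNSAFE_getOutput=Attribute()
+pickle.loads(payload) # $UNSAFE_getAnInput=payload $UNSAFE_getOutput=Attribute() $UNSAFE_getFormat=pickle
+pickle.loads(payload, encoding='latin1') # $UNSAFE_getAnInput=payload $UNSAFE_getOutput=Attribute() $UNSAFE_getFormat=pickle
+marshal.loads(payload) # $UNSAFE_getAnInput=payload $UNSAFE_getOutput=Attribute() $UNSAFE_getFormat=marshal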

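--- a/python/ql/test/experimental/library-tests/frameworks/yaml/UnmarshalFunction.py
+++ b/python/ql/test/experimental/library-tests/frameworks/yaml/UnmarshalFunction.py
@@ -10,5 +10,5 @@
 @app.route("/")
 def hello():
 payload = request.args.get("payload")
-yaml.load(payload) # $UNSAFE_getAnInput=payload $UNSAFE_getOutput=Attribute()
-yaml.load(payload, Loader=SafeLoader) # $getAnInput=payload $getOutput=Attribute()
+yaml.load(payload) # $UNSAFE_getAnInput=payload $UNSAFE_getOutput=Attribute() $UNSAFE_getFormat=YAML
+yaml.load(payload, Loader=SafeLoader) # $getAnInput=payload $getOutput=Attribute() $getFormat=YAML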
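Review bot: The two cases here pin only the no-argument call and `Loader=SafeLoader`; the loader the new Yaml.qll comment describes as "briefly thought safe" (the default FullLoader on PyYAML 5.1+) has no expectation of its own, so a regression that started treating an explicit FullLoader as safe would go unnoticed. Adding `yaml.load(payload, Loader=yaml.FullLoader) # $UNSAFE_getAnInput=payload $UNSAFE_getOutput=Attribute() $UNSAFE_getFormat=YAML` (and an equivalent line for `Loader=yaml.Loader`) would cover it, assuming the model flags those loaders as unsafe. `SafeLoader` is used as a bare name, so its import sits outside the hunk and should be checked to be the PyYAML one.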

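--- a/python/ql/test/experimental/meta/ConceptsTest.qll
+++ b/python/ql/test/experimental/meta/ConceptsTest.qll
@@ -36,7 +36,7 @@ class SystemCommandExecutionTest extends InlineExpectationsTest {
 class UnmarshalingFunctionTest extends InlineExpectationsTest {
 UnmarshalingFunctionTest() { this = "UnmarshalingFunctionTest" }
 
-override string getARelevantTag() { result = "getData" }
+override string getARelevantTag() { result in ["getAnInput", "getOutput", "getFormat"] }
 
 override predicate hasActualResult(Location location, string element, string tag, string value) {
 exists(location.getFile().getRelativePath()) and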
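Review bot: The new getARelevantTag lists only the bare names `getAnInput`, `getOutput`, `getFormat`, while every expectation in the test files this commit touches is written with an `UNSAFE_` prefix (`$UNSAFE_getFormat=pickle`, `$UNSAFE_getFormat=YAML`, and so on); unless hasActualResult (whose body continues outside the hunk) or InlineExpectationsTest maps that prefix itself, the prefixed expectations would not count as relevant and would never be checked. If the prefix is emitted as part of the tag, the list should include those forms too, e.g. `result in ["getAnInput", "getOutput", "getFormat", "UNSAFE_getAnInput", "UNSAFE_getOutput", "UNSAFE_getFormat"]`. A one-line QLDoc above the override saying that `getFormat` names the serialization format (pickle, marshal, dill, YAML) rather than a text encoding would also record why the ASCII/latin1 expectations were replaced in this commit.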
