

Commit b7e8b48

committed
Python: Move concept tests out
These tests should be fleshed out at some point, but currently they test all that we model.
1 parent 4685f2d commit b7e8b48

11 files changed

Lines changed: 62 additions & 6 deletions


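--- a/python/ql/src/experimental/semmle/python/frameworks/Dill.qll
+++ b/python/ql/src/experimental/semmle/python/frameworks/Dill.qll
@@ -20,6 +20,7 @@ private module Dill {
 /** Gets a reference to the `dill` module. */
 DataFlow::Node dill() { result = dill(DataFlow::TypeTracker::end()) }
 
+/** Provides models for the `dill` module. */
 module dill {
 /** Gets a reference to the `dill.loads` function. */
 private DataFlow::Node loads(DataFlow::TypeTracker t) {
@@ -55,5 +56,10 @@ private class DillDeserialization extends UnmarshalingFunction::Range {
 
 override DataFlow::Node getOutput() { result = this }
 
-override string getFormat() { none() }
+override string getFormat() {
+result = this.asCfgNode().(CallNode).getArgByName("encoding").(NameNode).getId()
+or
+not exists(this.asCfgNode().(CallNode).getArgByName("encoding")) and
+result = "ASCII"
+}
 }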
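Review bot: The `"ASCII"` fallback in the new getFormat() is an undocumented constant; a one-line comment above the `or` branch, `// "ASCII" is pickle.loads's documented default encoding, used when the keyword is absent (dill forwards kwds to pickle)`, would save the next reader a trip to the Python docs. The first branch only binds when the `encoding` argument is a `NameNode`, so if I read the API right, a string-literal argument such as `encoding='latin1'` (which the new dill test expects to yield `latin1`) would match neither branch, because the `not exists(...)` guard fails as well — worth confirming against the test run before relying on that inline expectation. The same predicate body is duplicated verbatim in the pickle class of Stdlib.qll (its last hunk); both could share a single helper predicate. The enclosing class DillDeserialization starts outside the hunk.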

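--- a/python/ql/src/experimental/semmle/python/frameworks/Stdlib.qll
+++ b/python/ql/src/experimental/semmle/python/frameworks/Stdlib.qll
@@ -342,6 +342,7 @@ private module Stdlib {
 /** Gets a reference to the `marshal` module. */
 DataFlow::Node marshal() { result = marshal(DataFlow::TypeTracker::end()) }
 
+/** Provides models for the `marshal` module. */
 module marshal {
 /** Gets a reference to the `marshal.loads` function. */
 private DataFlow::Node loads(DataFlow::TypeTracker t) {
@@ -394,6 +395,7 @@ private module Stdlib {
 /** Gets a reference to the `pickle` module. */
 DataFlow::Node pickle() { result = pickle(DataFlow::TypeTracker::end()) }
 
+/** Provides models for the `pickle` module. */
 module pickle {
 /** Gets a reference to the `pickle.loads` function. */
 private DataFlow::Node loads(DataFlow::TypeTracker t) {
@@ -429,6 +431,9 @@ private module Stdlib {
 
 override string getFormat() {
 result = this.asCfgNode().(CallNode).getArgByName("encoding").(NameNode).getId()
+or
+not exists(this.asCfgNode().(CallNode).getArgByName("encoding")) and
+result = "ASCII"
 }
 }
 }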

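--- a/python/ql/src/experimental/semmle/python/frameworks/Yaml.qll
+++ b/python/ql/src/experimental/semmle/python/frameworks/Yaml.qll
@@ -20,6 +20,7 @@ private module Yaml {
 /** Gets a reference to the `yaml` module. */
 DataFlow::Node yaml() { result = yaml(DataFlow::TypeTracker::end()) }
 
+/** Provides models for the `yaml` module. */
 module yaml {
 /** Gets a reference to the `yaml.load` function. */
 private DataFlow::Node load(DataFlow::TypeTracker t) {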

python/ql/test/experimental/query-tests/Security-new-dataflow/CWE-502/ConceptsTest.expected renamed to python/ql/test/experimental/library-tests/frameworks/dill/ConceptsTest.expected

File renamed without changes.

python/ql/test/experimental/query-tests/Security-new-dataflow/CWE-502/ConceptsTest.ql renamed to python/ql/test/experimental/library-tests/frameworks/dill/ConceptsTest.ql

File renamed without changes.
Lines changed: 13 additions & 0 deletions
@@ -0,0 +1,13 @@
1+
import flask
2+
import dill
3+
4+
from flask import Flask, request
5+
6+
app = Flask(__name__)
7+
8+
9+
@app.route("/")
10+
def hello():
11+
payload = request.args.get("payload")
12+
dill.loads(payload) # $UNSAFE_getAnInput=payload $UNSAFE_getOutput=Attribute() $UNSAFE_getFormat=ASCII
13+
dill.loads(payload, encoding='latin1') # $UNSAFE_getAnInput=payload $UNSAFE_getOutput=Attribute() $UNSAFE_getFormat=latin1
Lines changed: 15 additions & 0 deletions
@@ -0,0 +1,15 @@
1+
import flask
2+
import pickle
3+
import marshal
4+
5+
from flask import Flask, request
6+
7+
app = Flask(__name__)
8+
9+
10+
@app.route("/")
11+
def hello():
12+
payload = request.args.get("payload")
13+
pickle.loads(payload) # $UNSAFE_getAnInput=payload $UNSAFE_getOutput=Attribute() $UNSAFE_getFormat=ASCII
14+
pickle.loads(payload, encoding='latin1') # $UNSAFE_getAnInput=payload $UNSAFE_getOutput=Attribute() $UNSAFE_getFormat=latin1
15+
marshal.loads(payload) # $UNSAFE_getAnInput=payload $UNSAFE_getOutput=Attribute()

python/ql/test/experimental/library-tests/frameworks/yaml/ConceptsTest.expected

Whitespace-only changes.
Lines changed: 2 additions & 0 deletions
@@ -0,0 +1,2 @@
1+
import python
2+
import experimental.meta.ConceptsTest
Lines changed: 14 additions & 0 deletions
@@ -0,0 +1,14 @@
1+
import flask
2+
import yaml
3+
from yaml import SafeLoader
4+
5+
from flask import Flask, request
6+
7+
app = Flask(__name__)
8+
9+
10+
@app.route("/")
11+
def hello():
12+
payload = request.args.get("payload")
13+
yaml.load(payload) # $UNSAFE_getAnInput=payload $UNSAFE_getOutput=Attribute()
14+
yaml.load(payload, Loader=SafeLoader) # $getAnInput=payload $getOutput=Attribute()
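Review bot: The Loader argument is exercised only in keyword form (`Loader=SafeLoader`) on the last line; the positional spelling `yaml.load(payload, SafeLoader)` is just as common and, if Yaml.qll matches the argument by keyword name the way the pickle model matches `encoding`, would be reported as unsafe. Adding a positional case, e.g. `yaml.load(payload, SafeLoader) # $getAnInput=payload $getOutput=Attribute()`, would pin that behaviour either way. The unsafe-loader spellings (`Loader=yaml.Loader`, `Loader=yaml.FullLoader`) are also absent, so the safe/unsafe loader distinction is currently tested from one side only.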
