
Commit cc1c32c

committed
Python: model file accesses
1 parent a5912ff commit cc1c32c

3 files changed

Lines changed: 28 additions & 10 deletions


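--- a/python/ql/lib/semmle/python/frameworks/Asyncpg.qll
+++ b/python/ql/lib/semmle/python/frameworks/Asyncpg.qll
@@ -38,6 +38,24 @@ private module Asyncpg {
 override DataFlow::Node getSql() { result in [this.getArg(0), this.getArgByName(queryArg)] }
 }
 
+private string fileAccessMethodName(string pathArg) {
+result in ["copy_from_query", "copy_from_table"] and
+pathArg = "output"
+or
+result = "copy_to_table" and
+pathArg = "source"
+}
+
+class FileAccessOnConnection extends FileSystemAccess::Range, DataFlow::MethodCallNode {
+string pathArg;
+
+FileAccessOnConnection() {
+this.calls([connectionPool().getAUse(), connection().getAUse()], fileAccessMethodName(pathArg))
+}
+
+override DataFlow::Node getAPathArgument() { result in [this.getArgByName(pathArg)] }
+}
+
 /**
 * Holds if `result` is the result of awaiting `n`.
 */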
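Review bot: `fileAccessMethodName` and the non-private class `FileAccessOnConnection` are added without QLDoc, so nothing records that `pathArg` is the keyword name under which the call receives its file argument (`output` for the two `copy_from_*` methods, `source` for `copy_to_table`). I would add `/** Gets the name of an asyncpg method that accesses a file, where pathArg is the keyword argument naming that file. */` above the predicate and `/** A call to a copy_* method on a connection or connection pool, modeled as a file system access. */` above the class. The test file in this commit describes the argument as a file-like object, so it is presumably not always a path string; if that is right, the class comment should also say that `getAPathArgument()` can return a non-path value, because path-injection queries will treat whatever it returns as a sink. In `getAPathArgument()` the one-element set is unnecessary and can be written `result = this.getArgByName(pathArg)`. The enclosing `private module Asyncpg` starts and ends outside the hunk.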

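--- a/python/ql/test/library-tests/frameworks/asyncpg/FileSystemAccess.py
+++ b/python/ql/test/library-tests/frameworks/asyncpg/FileSystemAccess.py
@@ -7,11 +7,11 @@ async def test_connection():
 try:
 # The file-like object is passed in as a keyword-only argument.
 # See https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.connection.Connection.copy_from_query
-await conn.copy_from_query("sql", output="filepath") # $ getSql="sql" MISSING: getAPathArgument="filepath"
-await conn.copy_from_query("sql", "arg1", "arg2", output="filepath") # $ getSql="sql" MISSING: getAPathArgument="filepath"
+await conn.copy_from_query("sql", output="filepath") # $ getSql="sql" getAPathArgument="filepath"
+await conn.copy_from_query("sql", "arg1", "arg2", output="filepath") # $ getSql="sql" getAPathArgument="filepath"
 
-await conn.copy_from_table("table", output="filepath") # $ MISSING: getAPathArgument="filepath"
-await conn.copy_to_table("table", source="filepath") # $ MISSING: getAPathArgument="filepath"
+await conn.copy_from_table("table", output="filepath") # $ getAPathArgument="filepath"
+await conn.copy_to_table("table", source="filepath") # $ getAPathArgument="filepath"
 
 finally:
 await conn.close()
@@ -20,10 +20,10 @@ async def test_connection_pool():
 pool = await asyncpg.create_pool()
 
 try:
-await pool.copy_from_query("sql", output="filepath") # $ getSql="sql" MISSING: getAPathArgument="filepath"
-await pool.copy_from_query("sql", "arg1", "arg2", output="filepath") # $ getSql="sql" MISSING: getAPathArgument="filepath"
-await pool.copy_from_table("table", output="filepath") # $ MISSING: getAPathArgument="filepath"
-await pool.copy_to_table("table", source="filepath") # $ MISSING: getAPathArgument="filepath"
+await pool.copy_from_query("sql", output="filepath") # $ getSql="sql" getAPathArgument="filepath"
+await pool.copy_from_query("sql", "arg1", "arg2", output="filepath") # $ getSql="sql" getAPathArgument="filepath"
+await pool.copy_from_table("table", output="filepath") # $ getAPathArgument="filepath"
+await pool.copy_to_table("table", source="filepath") # $ getAPathArgument="filepath"
 
 finally:
 await pool.close()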

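--- a/python/ql/test/library-tests/frameworks/asyncpg/SqlExecution.py
+++ b/python/ql/test/library-tests/frameworks/asyncpg/SqlExecution.py
@@ -5,7 +5,7 @@ async def test_connection():
 conn = await asyncpg.connect()
 
 try:
-await conn.copy_from_query("sql", output="filepath") # $ getSql="sql" MISSING: getAPathArgument="filepath"
+await conn.copy_from_query("sql", output="filepath") # $ getSql="sql" getAPathArgument="filepath"
 await conn.execute("sql") # $ getSql="sql"
 await conn.executemany("sql") # $ getSql="sql"
 await conn.fetch("sql") # $ getSql="sql"
@@ -62,7 +62,7 @@ async def test_connection_pool():
 pool = await asyncpg.create_pool()
 
 try:
-await pool.copy_from_query("sql", output="filepath") # $ getSql="sql" MISSING: getAPathArgument="filepath"
+await pool.copy_from_query("sql", output="filepath") # $ getSql="sql" getAPathArgument="filepath"
 await pool.execute("sql") # $ getSql="sql"
 await pool.executemany("sql") # $ getSql="sql"
 await pool.fetch("sql") # $ getSql="sql"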
