Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit cdc5ca7

Browse files
RasmusWLRasmusWL
committed
Python: Model os.system and os.popen
1 parent 0265f26 commit cdc5ca7

1 file changed

Lines changed: 67 additions & 0 deletions

File tree

  • python/ql/src/experimental/semmle/python/frameworks

python/ql/src/experimental/semmle/python/frameworks/Stdlib.qll

Lines changed: 67 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,3 +7,70 @@ private import python
77
private import experimental.dataflow.DataFlow
88
private import experimental.dataflow.RemoteFlowSources
99
private import experimental.semmle.python.Concepts
10+
11+
private module Stdlib {
12+
/** Gets a reference to the `os` module. */
13+
DataFlow::Node os(DataFlow::TypeTracker t) {
14+
t.start() and
15+
result = DataFlow::importModule("os")
16+
or
17+
exists(DataFlow::TypeTracker t2 | result = os(t2).track(t2, t))
18+
}
19+
20+
/** Gets a reference to the `os` module. */
21+
DataFlow::Node os() { result = os(DataFlow::TypeTracker::end()) }
22+
23+
module os {
24+
/** Gets a reference to the `os.system` function. */
25+
DataFlow::Node system(DataFlow::TypeTracker t) {
26+
t.start() and
27+
result = DataFlow::importMember("os", "system")
28+
or
29+
t.startInAttr("system") and
30+
result = os()
31+
or
32+
exists(DataFlow::TypeTracker t2 | result = os::system(t2).track(t2, t))
33+
}
34+
35+
/** Gets a reference to the `os.system` function. */
36+
DataFlow::Node system() { result = os::system(DataFlow::TypeTracker::end()) }
37+
38+
/** Gets a reference to the `os.popen` function. */
39+
DataFlow::Node popen(DataFlow::TypeTracker t) {
40+
t.start() and
41+
result = DataFlow::importMember("os", "system")
42+
or
43+
t.startInAttr("popen") and
44+
result = os()
45+
or
46+
exists(DataFlow::TypeTracker t2 | result = os::popen(t2).track(t2, t))
47+
}
48+
49+
/** Gets a reference to the `os.popen` function. */
50+
DataFlow::Node popen() { result = os::popen(DataFlow::TypeTracker::end()) }
51+
}
52+
53+
/**
54+
* A call to `os.system`.
55+
* See https://docs.python.org/3/library/os.html#os.system
56+
*/
57+
private class OsSystemCall extends SystemCommandExecution::Range {
58+
OsSystemCall() { this.asCfgNode().(CallNode).getFunction() = os::system().asCfgNode() }
59+
60+
override DataFlow::Node getCommand() {
61+
result.asCfgNode() = this.asCfgNode().(CallNode).getArg(0)
62+
}
63+
}
64+
65+
/**
66+
* A call to `os.popen`
67+
* See https://docs.python.org/3/library/os.html#os.popen
68+
*/
69+
private class OsPopenCall extends SystemCommandExecution::Range {
70+
OsPopenCall() { this.asCfgNode().(CallNode).getFunction() = os::popen().asCfgNode() }
71+
72+
override DataFlow::Node getCommand() {
73+
result.asCfgNode() = this.asCfgNode().(CallNode).getArg(0)
74+
}
75+
}
76+
}

0 commit comments

Comments
 (0)