
Commit d29879a

tausbnRasmusWL
authored andcommitted
Python: Model kombu.serialization
More `pickle` wrappers.
1 parent a6dc6f3 commit d29879a

1 file changed

Lines changed: 9 additions & 2 deletions


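--- a/python/ql/lib/semmle/python/frameworks/Stdlib.qll
+++ b/python/ql/lib/semmle/python/frameworks/Stdlib.qll
@@ -1298,14 +1298,21 @@ module StdlibPrivate {
 // pickle
 // ---------------------------------------------------------------------------
 /** Gets a reference to any of the `pickle` modules. */
-API::Node pickle() { result = API::moduleImport(["pickle", "cPickle", "_pickle", "cloudpickle"]) }
+API::Node pickle() {
+result = API::moduleImport(["pickle", "cPickle", "_pickle", "cloudpickle"]) or
+result = API::moduleImport("kombu").getMember("serialization").getMember("pickle")
+}
 
 /**
 * A call to `pickle.load`
 * See https://docs.python.org/3/library/pickle.html#pickle.load
 */
 private class PickleLoadCall extends Decoding::Range, DataFlow::CallCfgNode {
-PickleLoadCall() { this = pickle().getMember("load").getACall() }
+PickleLoadCall() {
+this = pickle().getMember("load").getACall() or
+this =
+API::moduleImport("kombu").getMember("serialization").getMember("pickle_load").getACall()
+}
 
 override predicate mayExecuteInput() { any() }
 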
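Review bot: `PickleLoadCall` gains the `kombu.serialization.pickle_load` alias, but no model for the bytes-taking counterpart is visible in this hunk. kombu.serialization also defines `pickle_loads`, so unless a class outside the hunk covers it, untrusted bytes passed to that wrapper will not be reported as a `mayExecuteInput` decoding input. If it is not covered elsewhere, the matching `loads` model would need `API::moduleImport("kombu").getMember("serialization").getMember("pickle_loads").getACall()` as an extra disjunct. The QLDoc above the class still describes only a call to `pickle.load`; I would add `kombu.serialization.pickle_load` to that comment so the alias can be found from the documentation. The body of `PickleLoadCall` continues past the end of the hunk, so how the input argument is selected for the new call cannot be checked here.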