
Commit da77cbb

committed
Python: concepts PathCheck and PathNormalization
Should they be in a module?
1 parent 2e8cbbd commit da77cbb

1 file changed

Lines changed: 41 additions & 3 deletions


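--- a/python/ql/src/experimental/semmle/python/Concepts.qll
+++ b/python/ql/src/experimental/semmle/python/Concepts.qll
@@ -48,12 +48,12 @@ module SystemCommandExecution {
 * extend `FileSystemAccess::Range` instead.
 */
 class FileSystemAccess extends DataFlow::Node {
-FileSystemAccess::Range self;
+FileSystemAccess::Range range;
 
-FileSystemAccess() { this = self }
+FileSystemAccess() { this = range }
 
 /** Gets an argument to this file system access that is interpreted as a path. */
-DataFlow::Node getAPathArgument() { result = self.getAPathArgument() }
+DataFlow::Node getAPathArgument() { result = range.getAPathArgument() }
 }
 
 /** Provides a class for modeling new file-system access APIs. */
@@ -71,6 +71,44 @@ module FileSystemAccess {
 }
 }
 
+/**
+* A data-flow node that performs path normlization. This is often needed in oder
+* to safely access paths.
+*/
+class PathNormalization extends DataFlow::Node {
+PathNormalization::Range range;
+
+PathNormalization() { this = range }
+}
+
+/** Provides a class for modeling new path normalization APIs. */
+module PathNormalization {
+/**
+* A data-flow node that performs path normlization. This is often needed in oder
+* to safely access paths.
+*/
+abstract class Range extends DataFlow::Node { }
+}
+
+/**
+* A data-flow node that checks validates a path, for instance checking that it exists
+* or that it is safe to access.
+*/
+class PathCheck extends DataFlow::Node {
+PathCheck::Range range;
+
+PathCheck() { this = range }
+}
+
+/** Provides a class for modeling new path normalization APIs. */
+module PathCheck {
+/**
+* A data-flow node that checks validates a path, for instance checking that it exists
+* or that it is safe to access.
+*/
+abstract class Range extends DataFlow::Node { }
+}
+
 /**
 * A data-flow node that decodes data from a binary or textual format. This
 * is intended to include deserialization, unmarshalling, decoding, unpickling,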
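Review bot: The `PathCheck` doc comment (new lines 93–96 and 105–108) puts "checking that it exists" and "that it is safe to access" under one concept, but only the second constrains where a path can point. If a path-injection query later treats every `PathCheck` as a barrier, existence checks would presumably suppress real findings, so the doc should restrict the concept to safety checks or tell extenders not to model existence tests. Unlike `FileSystemAccess`, which exposes `getAPathArgument()`, neither `PathNormalization` nor `PathCheck` has a member predicate naming the path being normalized or checked, so a consumer cannot tell which value the node applies to; a predicate on each `Range`, such as `abstract DataFlow::Node getPathArg();`, would close that gap. The comments also carry typos and a copy-paste slip: `normlization`, `in oder`, `checks validates`, and the `module PathCheck` doc should read `/** Provides a class for modeling new path check APIs. */`.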
